CVE: CVE-2022-31204

Export to Word

Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00105
Percentile: 0.29362

CVSS Scoring

CVSS v3.1 Score: 7.5

Severity: HIGH

Mapped CWE(s)

CWE-319 : Cleartext Transmission of Sensitive Information

All CAPEC(s)

CAPEC-102: Session Sidejacking
CAPEC-117: Interception
CAPEC-383: Harvesting Information via API Event Monitoring
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-65: Sniff Application Code

CAPEC(s) with Mapped TTPs

CAPEC-383: Harvesting Information via API Event Monitoring
Mapped TTPs:
- T1056.004 : Credential API Hooking
CAPEC-65: Sniff Application Code
Mapped TTPs:
- T1040 : Network Sniffing

Mapped ATT&CK TTPs

T1056.004 : Credential API Hooking
Kill Chain: collection
T1040 : Network Sniffing
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

ArcaneDoor
2015 Ukraine Electric Power Attack

Affected Products

cpe:2.3:o:omron:sysmac_cs1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cj2m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cj2h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cp1e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cp1h_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:sysmac_cp1l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:omron:cp1w-cif41_firmware:-:*:*:*:*:*:*:*
cpe:2.3:a:omron:cx-programmer:*:*:*:*:*:*:*:*

← Back to Home