Omron Fixes Multiple Vulnerabilities

Friday, October 2, 2015 @ 05:10 PM gHale

Omron Corporation created a new version that mitigate vulnerabilities in its CX-Programmer software, CJ2M series programmable logic controller (PLC), and CJ2H series PLC these vulnerabilities, according to a report on ICS-CERT.

Of the three vulnerabilities, discovered by Air Force Institute of Technology researcher Stephen Dunlap, one could end up exploited remotely.

Pump Infusion System Holes Mended
Mitsubishi Fixes Controller DoS
Remedy to Fix Unsupported PKS Hole
EasyIO Mitigates Hole in Controller

The following Omron Corporation products suffer from the issue:
• CX-Programmer software, versions prior to Version 9.6
• CJ2M Series PLC, versions prior to Version 2.1
• CJ2H Series PLC, versions prior to Version 1.5

Successful exploitation of these vulnerabilities could result in the compromise of sensitive account information.

Omron is an international company headquartered in Kyoto, Japan.

The affected product, CX-Programmer, is part of the CX-One software suite, used to configure and program devices such as PLCs and HMIs.

The CJ2M series device is a PLC primarily used for packaging and machine automation. The CJ2H series device is a PLC used for machine automation that requires image processing inspection of electrical components and high speed sorting on conveyors. According to Omron Corporation, these products see action across the critical manufacturing sector. Omron estimates these products see use worldwide.

In one vulnerability, the password transmits in clear text to unlock the PLC for modification, which leaves the password vulnerable to packet sniffing.

CVE-2015-0987 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 10.0.

In addition, passwords end up stored in source code protected project files for CX-Programmer in a recoverable format.

CVE-2015-0988 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Also, passwords end up locally stored in an object file saved in a Compact Flash Card in a recoverable format.

CVE-2015-1015 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The clear text transmission of sensitive information vulnerability could end up exploited remotely. The storage of passwords in recoverable format vulnerabilities is locally exploitable.

No known public exploits specifically target these vulnerabilities. An attacker with low skill would be able to exploit these vulnerabilities.

Omron released a new version of the CX-Programmer software (Version 9.6) and new versions of the CJ2M series PLC (Version 2.1) and the CJ2H Series PLC (Version 1.5), which resolve the identified vulnerabilities. Omron recommends installing the new versions as soon as possible.

The CX-Programmer software, Version 9.6, is available by auto-update service or online.

The CJ2M series PLC, Version 2.1 and the CJ2H series PLC, Version 1.5 can end up obtained by contacting Omron Corporation’s Customer Care Team.

Click here for Omron’s security notice.