Omron SYSMAC CS/CJ/CP Series and NJ/NX Series

Risk Summary

Successful exploitation of these vulnerabilities could cause a denial-of-service condition and allow remote code execution.

CVEs (4)

Remediations

• For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions: CS1: v.4.1 or later
• For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions: CJ2M: v2.1 or later
• For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions: CJ2H: v1.5 or later
• For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions: CP1E/CP1H: v1.30 or later
• For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions: CP1L: v1.10 or later
• For CVE-2022-31204: Omron recommends users implement an extended password protection function in the following product versions: CX-Programmer: v9.6 or higher
• For CVE-2022-31205: Omron recommends using different passwords between the CP1W-CIF41 Ethernet Option Board and CP1 PLC itself. The Web UI password will not grant access to the PLC.
• For CVE-2022-31207: Omron recommends users of SYSMAC CS/CJ/CP Series to use the PLC protection password and enable protection against unauthorized write access to address. Also, there are hardware DIP switches on the PLC which can prevent unauthorized PLC program changes regardless of password.
• For CVE-2022-31206: Omron intends to publish an update for SYSMAC NJ/NX in July 2022.

Affected Vendors

Affected Products (8)

Affected Sectors

Critical Manufacturing