{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0811","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2023-02-13T15:41:55.590Z","datePublished":"2023-03-16T17:41:25.525Z","dateUpdated":"2025-01-16T21:42:32.824Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"CJ2H-CPU6 □ -EIP","product":"CJ1M SYSMAC CJ-series","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CJ2H-CPU6 □","product":"CJ1M SYSMAC CJ-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CJ2M-CPU □ □","product":"CJ1M SYSMAC CJ-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CJ1G-CPU □ □ P","product":"CJ1M SYSMAC CJ-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1H-CPU □ □ H","product":"CJ1M SYSMAC CS-series ","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1G-CPU □ □ H","product":"CJ1M SYSMAC CS-series ","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1D-CPU □ □ HA","product":"CJ1M SYSMAC CS-series ","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1D-CPU □ □ H","product":"CJ1M SYSMAC CS-series ","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1D-CPU □ □ SA","product":"CJ1M SYSMAC CS-series ","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1D-CPU □ □ S","product":"CJ1M SYSMAC CS-series ","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CS1D-CPU □ □ P","product":"CJ1M SYSMAC CS-series ","vendor":"Omron ","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP2E-E □ □ D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP2E-S □ □ D □- □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP2E-N □ □ D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1H-X40D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1H-XA40D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1H-Y20DT-D","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1L-EL20D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1L-EM □ □ D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1L-L □ □ D □- □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1L-M □ □ D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1E-E □ □ D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]},{"defaultStatus":"unaffected","packageName":"CP1E-NA □ □ D □ - □","product":"CJ1M SYSMAC CP-series","vendor":"Omron","versions":[{"status":"affected","version":"All versions "}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Sam Hanson of Dragos reported these vulnerabilities to CISA. "}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nOmron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. \n\n"}],"value":"\nOmron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. \n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control ","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2023-03-16T17:45:14.919Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01"},{"url":"https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf"}],"source":{"discovery":"UNKNOWN"},"workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n

OMRON has released the following countermeasures for users to implement:

If the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures:

Security measures to prevent unauthorized access:

For more information, see Omron’s Security Advisory.


\n\n
"}],"value":"\nOMRON has released the following countermeasures for users to implement: \n\n * Enable the hardware switch to prohibit writing UM (DIP switch on front panel of the CPU Unit) \n * Set UM read protection password and “Prohibit from overwriting to a protected program “option. \n\n\nIf the countermeasures cannot be applied, OMRON recommends that customers take the following mitigation measures: \n\nSecurity measures to prevent unauthorized access: \n\n * If the following products and versions are used, the risk of attacks by an attacker via the network can be reduced by taking the following measures. * Enable the FINS write protection function. \n * Select the Protect by IP Address \n\n\n\n * Minimize connection of control systems and equipment to open networks, so that untrusted devices will be unable to access them.  \n * Implement firewalls (by shutting down unused communications ports, limiting communications hosts, limiting access to FINS port (9600)) and isolate them from the IT network. \n * Use a virtual private network (VPN) for remote access to control systems and equipment. \n * Use strong passwords and change them frequently. \n * Install physical controls so that only authorized personnel can access control systems and equipment. \n * Scan virus to ensure safety of any USB drives or similar devices before connecting them to systems and devices. \n * Enforce multifactor authentication to all devices with remote access to control systems and equipment whenever possible. \n * Anti-virus protection * Protect any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade anti-virus software protection. \n\n\n\n * Data input and output protection * Validation processing such as backup and range check to cope with unintentional modification of input/output data to control systems and devices. \n\n\n\n * Data recovery * Periodical data backup and maintenance to prepare for data loss. \n\n\n\n\n\nFor more information, see Omron’s Security Advisory https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf .\n\n\n\n\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:24:34.505Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-01","tags":["x_transferred"]},{"url":"https://www.ia.omron.com/product/vulnerability/OMSR-2023-001_en.pdf","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T20:56:16.921497Z","id":"CVE-2023-0811","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T21:42:32.824Z"}}]}}