At the beginning of the month, Omron published a series of cybersecurity vulnerabilities on its website that affect its NJ/NX-series controllers. In its reports, the company details what these vulnerabilities consist of, which equipment is affected, and how to address them.
Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers
Use of Hard-coded Credentials (CWE-798) and Authentication Bypass by Capture-replay (CWE-294) vulnerabilities exist in the communications functions between the NJ/NX-series Machine Automation Controllers, Automation software Sysmac Studio, and NA-series Programmable Terminals. An attacker may use these vulnerabilities to bypass authentication in the communications connection process and perform unauthorized access to the controller products.
Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers
An Authentication Bypass by Capture-replay (CWE-294) vulnerability exists in the NJ/NX-series Machine Automation Controllers. An attacker may illegally access the controllers and use the vulnerability to put the product into an out-of-service state or execute a malicious program.
OMRON lists on its website the affected equipment and versions, as well as the measures customers should take to minimize the risk of these vulnerabilities being exploited.