cvelistv5 - cve-2023-27396

CVE-2023-27396 (GCVE-0-2023-27396)

Vulnerability from cvelistv5

Published

2023-06-19 00:00

Modified

2024-12-24 16:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Insecure Design

Summary

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)

References

URL

Tags

	https://www.us-cert.gov/ics/advisories/icsa-19-346-02
	https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf
	https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf
	https://jvn.jp/en/ta/JVNTA91513661/
	https://jvn.jp/ta/JVNTA91513661/
	https://www.us-cert.gov/ics/advisories/icsa-20-063-03
	https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02

Impacted products

	Vendor	Product	Version
	OMRON Corporation	Multiple OMRON products which implement FINS protocol	Version: SYSMAC CS-series CPU Units all versions, SYSMAC CJ-series CPU Units all versions, SYSMAC CP-series CPU Units all versions, SYSMAC NJ-series CPU Units all versions, SYSMAC NX1P-series CPU Units all versions, SYSMAC NX102-series CPU Units all versions, and SYSMAC NX7 Database Connection CPU Units Ver.1.16 or later

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:09:43.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/ta/JVNTA91513661/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/ta/JVNTA91513661/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-27396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-24T16:45:15.508549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-24T16:45:20.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple OMRON products which implement FINS protocol",
          "vendor": "OMRON Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "SYSMAC CS-series CPU Units all versions, SYSMAC CJ-series CPU Units all versions, SYSMAC CP-series CPU Units all versions, SYSMAC NJ-series CPU Units all versions, SYSMAC NX1P-series CPU Units all versions, SYSMAC NX102-series CPU Units all versions, and SYSMAC NX7 Database Connection CPU Units Ver.1.16 or later"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure Design",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T00:00:00.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
        },
        {
          "url": "https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf"
        },
        {
          "url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf"
        },
        {
          "url": "https://jvn.jp/en/ta/JVNTA91513661/"
        },
        {
          "url": "https://jvn.jp/ta/JVNTA91513661/"
        },
        {
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03"
        },
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-27396",
    "datePublished": "2023-06-19T00:00:00.000Z",
    "dateReserved": "2023-03-15T00:00:00.000Z",
    "dateUpdated": "2024-12-24T16:45:20.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-19-346-02\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/ta/JVNTA91513661/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/ta/JVNTA91513661/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-063-03\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T12:09:43.381Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-27396\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-24T16:45:15.508549Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-24T16:43:30.455Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"OMRON Corporation\", \"product\": \"Multiple OMRON products which implement FINS protocol\", \"versions\": [{\"status\": \"affected\", \"version\": \"SYSMAC CS-series CPU Units all versions, SYSMAC CJ-series CPU Units all versions, SYSMAC CP-series CPU Units all versions, SYSMAC NJ-series CPU Units all versions, SYSMAC NX1P-series CPU Units all versions, SYSMAC NX102-series CPU Units all versions, and SYSMAC NX7 Database Connection CPU Units Ver.1.16 or later\"}]}], \"references\": [{\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-19-346-02\"}, {\"url\": \"https://www.ia.omron.com/product/vulnerability/OMSR-2023-003_en.pdf\"}, {\"url\": \"https://www.fa.omron.co.jp/product/vulnerability/OMSR-2023-003_ja.pdf\"}, {\"url\": \"https://jvn.jp/en/ta/JVNTA91513661/\"}, {\"url\": \"https://jvn.jp/ta/JVNTA91513661/\"}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-063-03\"}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Insecure Design\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2023-06-19T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-27396\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-24T16:45:20.428Z\", \"dateReserved\": \"2023-03-15T00:00:00.000Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2023-06-19T00:00:00.000Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cve-2023-27396

Vulnerability from jvndb

Published

2023-04-18 13:58

Modified

2024-05-23 17:35

Severity ?

9.8 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Security Issues in FINS protocol

Details

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of Omron products. FINS commands enable to read/write information, conduct various operations and set the configuration on FINS-compliant devices. The supported FINS commands vary depending on the products. * I/O memory area read/write * Parameter area read/write * Program area read/write * Manage operation mode * System configuration read * CPU unit status read * Time information access * Message read/delete * Manage access privileges * Read fault history report, etc. * File operation * Forced set/reset FINS message consists of "FINS header", "FINS command code" and "parameter". When receiving a FINS command message, the entity conducts the operation corresponding to the "FINS command code", and sends the result as a response message to the destinations listed in "FINS header" of the command message. FINS protocol is designed with the assumptions that the network is closed inside the device, the production lines, or within the factory, and does not provide any encryption, data verification, nor authentication functions. Recent security researches show multiple issues on FINS protocol, under the conditions which FINS protocol does not consider, e.g., a FINS network is connected to other outside networks, FINS network can be physically accessed, etc. The following issues on FINS protocol have been reported: 1. Plaintext communication Encrypted communication is not defined in FINS protocol. FINS messages are transmitted unencrypted and the contents can be seen easily when intercepted. Also alterations of FINS messages cannot be detected. * Clear-text Transmission of Sensitive Information (CWE-319) * Insufficient Verification of Data Authenticity (CWE-345) 2. No authentication required Authentication is not defined in FINS protocol. Attacks from malicious devices cannot be detected. * Authentication Bypass by Spoofing (CWE-290) * Authentication Bypass by Capture-replay (CWE-294) * Missing Authentication for Critical Function (CWE-306) * Insufficient Verification of Data Authenticity (CWE-345) * Uncontrolled Resource Consumption (CWE-400) * Unrestricted Externally Accessible Lock(CWE-412) * Improper Control of Interaction Frequency (CWE-799) This document is written by Omron and JPCERT/CC.

References

Type

URL

	JVN	https://jvn.jp/en/ta/JVNTA91513661/
	CVE	https://www.cve.org/CVERecord?id=CVE-2023-27396
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-27396
	ICS-CERT ADVISORY	https://www.cisa.gov/news-events/ics-advisories/icsa-20-063-03
	ICS-CERT ADVISORY	https://www.cisa.gov/news-events/ics-advisories/icsa-19-346-02
	ICS-CERT ADVISORY	https://www.cisa.gov/news-events/ics-advisories/icsa-22-179-02
	Authentication Bypass by Spoofing(CWE-290)	https://cwe.mitre.org/data/definitions/290.html
	Authentication Bypass by Capture-replay(CWE-294)	https://cwe.mitre.org/data/definitions/294.html
	Missing Authentication for Critical Function(CWE-306)	https://cwe.mitre.org/data/definitions/306.html
	Cleartext Transmission of Sensitive Information(CWE-319)	https://cwe.mitre.org/data/definitions/319.html
	Insufficient Verification of Data Authenticity(CWE-345)	https://cwe.mitre.org/data/definitions/345.html
	Uncontrolled Resource Consumption ('Resource Exhaustion')(CWE-400)	https://cwe.mitre.org/data/definitions/400.html
	Unrestricted Externally Accessible Lock(CWE-412)	https://cwe.mitre.org/data/definitions/412.html
	Improper Control of Interaction Frequency(CWE-799)	https://cwe.mitre.org/data/definitions/799.html

Impacted products

Vendor

Product

	OMRON Corporation	SYSMAC CJ Series CPU Unit
	OMRON Corporation	SYSMAC CP Series CPU Unit
	OMRON Corporation	SYSMAC CS Series CPU Unit
	OMRON Corporation	SYSMAC NJ Series CPU Unit
	OMRON Corporation	SYSMAC NX102 Series CPU Unit
	OMRON Corporation	SYSMAC NX1P Series CPU Unit
	OMRON Corporation	SYSMAC NX7 Database Connection CPU Unit

Show details on JVN DB website