Connect with us

Hi, what are you looking for?



Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis

Omron has patched PLC and engineering software vulnerabilities discovered by Dragos during the analysis of ICS malware.

Japanese electronics giant Omron recently patched programmable logic controller (PLC) and engineering software vulnerabilities that were discovered by industrial cybersecurity firm Dragos during the analysis of a sophisticated piece of malware.

Last year, the US cybersecurity agency CISA informed organizations about three vulnerabilities affecting Omron NJ and NX-series controllers.

Dragos told SecurityWeek at the time that one of these flaws, a critical hardcoded credentials issue tracked as CVE-2022-34151 that can be used to access Omron PLCs, had been targeted by the industrial control system (ICS) attack framework known as Pipedream and Incontroller.

Pipedream is believed to be the work of a state-sponsored threat group, possibly linked to Russia.

Dragos determined last year that one of Pipedream’s components, named BadOmen, had exploited CVE-2022-34151 to interact with an HTTP server on targeted Omron NX/NJ controllers. BadOmen can be used to manipulate and cause disruption to physical processes.

During its research into the BadOmen malware, Dragos discovered additional vulnerabilities affecting Omron products, and CISA and the vendor have now released advisories to inform organizations about these new flaws and the availability of patches.

While these security holes were discovered during the analysis of the BadOmen malware, Reid Wightman, lead vulnerability analyst at Dragos, told SecurityWeek that they were not leveraged by malware and there is no evidence that they have been exploited in the wild. The bugs were found while investigating Omron equipment and related software. 

CISA and Omron have each published three separate advisories. One of them describes CVE-2022-45790, a high-severity vulnerability in Omron CJ/CS/CP series PLCs that use the FINS protocol, which is susceptible to brute-force attacks. 

Advertisement. Scroll to continue reading.

The two other advisories describe medium-severity flaws affecting Omron Engineering software: CVE-2022-45793, a Sysmac Studio weakness that can be exploited to alter files and execute arbitrary code; and CVE-2018-1002205, a Sysmac Studio and NX-IO Configurator Zip-Slip bug that can be used to write arbitrary files using specially crafted ZIP archives. 

Two of the vulnerabilities have been assigned 2022 CVEs because they were reported to Omron last year. “Sometimes vulnerabilities can take a while to fully address,” Wightman explained.

The flaw with the 2018 CVE impacts a third-party component used in Omron products. 

Researcher Michael Heinzl has also been credited by Omron for reporting this vulnerability. Heinzl previously discovered several high-severity remote code execution vulnerabilities in Omron’s CX-Programmer software.

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure

Related: Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks

Related: Flaws in Omron HMI Product Exploitable via Malicious Project Files

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.