Security Flaw in OMRON's Factory Automation Network Communication Protocol
CVE-2023-27396
What is CVE-2023-27396?
The FINS protocol, utilized in OMRON's Factory Automation systems, exhibits significant security vulnerabilities including unencrypted communication and a lack of required authentication. This allows attackers to intercept and access FINS messages, potentially executing commands or retrieving sensitive system information from affected devices. Various SYSMAC CPU Units versions are compromised, making it imperative for users to assess and mitigate associated risks to ensure the security of their industrial environments.
Affected Version(s)
Multiple OMRON products which implement FINS protocol SYSMAC CS-series CPU Units all versions, SYSMAC CJ-series CPU Units all versions, SYSMAC CP-series CPU Units all versions, SYSMAC NJ-series CPU Units all versions, SYSMAC NX1P-series CPU Units all versions, SYSMAC NX102-series CPU Units all versions, and SYSMAC NX7 Database Connection CPU Units Ver.1.16 or later