CVE-2023-38744

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability exists in Omron CJ/CS Series industrial controllers due to improper input validation in their EtherNet/IP communication functions. Remote unauthenticated attackers can send specially crafted packets to crash affected units, disrupting industrial operations. This affects specific Omron PLC models with vulnerable firmware versions.

💻 Affected Systems

Products:
  • CJ2M CPU Unit
  • CJ2H CPU Unit
  • CS/CJ Series EtherNet/IP Unit CS1W-EIP21
  • CS/CJ Series EtherNet/IP Unit CJ1W-EIP21
Versions: CJ2M: Ver. 2.18 and earlier, CJ2H: Ver. 3.04 and earlier, CS1W-EIP21/CJ1W-EIP21: V3.04 and earlier
Operating Systems: Not applicable - embedded industrial controller firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects units with EtherNet/IP functionality enabled. Units without EtherNet/IP or with disabled ports are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical industrial processes are halted, causing production downtime, safety system failures, or equipment damage in manufacturing environments.

🟠 Likely Case

Targeted PLC units become unresponsive, requiring manual restart and causing temporary production interruptions.

🟢 If Mitigated

With network segmentation and proper controls, impact is limited to isolated network segments with minimal operational disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network access to EtherNet/IP port (typically TCP/44818). No authentication needed. Crafting malicious packets requires understanding of EtherNet/IP protocol.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CJ2M: Update to later than Ver. 2.18, CJ2H: Update to later than Ver. 3.04, CS1W-EIP21/CJ1W-EIP21: Update to later than V3.04

Vendor Advisory: https://www.ia.omron.com/product/vulnerability/OMSR-2023-006_en.pdf

Restart Required: Yes

Instructions:

1. Download the firmware update from the Omron support portal.
2. Connect to the PLC via programming cable.
3. Back up the current program and settings.
4. Upload the new firmware using CX-Programmer or a similar tool.
5. Restart the PLC and verify operation.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate EtherNet/IP ports from untrusted networks using firewalls or VLANs.

Port Restriction (all)

Block TCP port 44818 at the network perimeter for all non-essential traffic.

🧯 If You Can't Patch

  • Implement strict network access controls to limit EtherNet/IP traffic to trusted sources only
  • Deploy intrusion detection systems to monitor for anomalous EtherNet/IP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check firmware version via CX-Programmer software or physical unit labels. Verify if EtherNet/IP functionality is enabled.

Check Version:

Use CX-Programmer: Connect to PLC → PLC Information → Check Unit Version

Verify Fix Applied:

After the update, confirm that the reported firmware version is later than the vulnerable versions listed above, then test EtherNet/IP communication functionality.

📡 Detection & Monitoring

Log Indicators:

  • PLC error logs showing communication failures
  • Unexpected PLC restarts or fault conditions

Network Indicators:

  • Unusual traffic patterns to TCP/44818
  • Malformed EtherNet/IP packets from untrusted sources

SIEM Query:

(dest_port:44818 AND (packet_size:<100 OR packet_size:>1500)) OR (protocol:enip AND anomaly_score:>7)

Field names vary by SIEM; match on the destination port, since the EtherNet/IP listener is on TCP/44818, and group the size test with the port test so the OR does not widen the match to every flow with a high anomaly score on its own.
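As an added example, not code from the advisory or from Omron, the check below applies the two network indicators above to a constructed flow log: connections to TCP/44818 from hosts outside an allow-list, sessions whose size falls outside the 100 to 1500 byte window, and bursts of sessions from one source. The allow-list, burst threshold and sample records are hypothetical values to replace with your own.

```python
# Added example (not from the advisory): apply its network indicators to a
# constructed flow log. Columns: timestamp,src_ip,dst_ip,dst_port,bytes,proto.
import csv
import io
from collections import Counter

ENIP_PORT = 44818
# Hypothetical allow-list of engineering hosts permitted to talk EtherNet/IP.
TRUSTED_SOURCES = {"10.10.1.5", "10.10.1.6"}
# Size window taken from the advisory's SIEM query: <100 or >1500 bytes is odd.
MIN_BYTES, MAX_BYTES = 100, 1500
# More sessions than this from one source in the window counts as a burst.
BURST_THRESHOLD = 3

# Constructed sample flow log (not real traffic).
SAMPLE_FLOWS = """\
timestamp,src_ip,dst_ip,dst_port,bytes,proto
2023-09-01T08:00:01,10.10.1.5,10.10.2.20,44818,612,tcp
2023-09-01T08:00:02,10.10.1.6,10.10.2.20,44818,840,tcp
2023-09-01T08:00:05,192.0.2.77,10.10.2.20,44818,48,tcp
2023-09-01T08:00:06,192.0.2.77,10.10.2.20,44818,52,tcp
2023-09-01T08:00:06,192.0.2.77,10.10.2.20,44818,2100,tcp
2023-09-01T08:00:07,192.0.2.77,10.10.2.20,44818,49,tcp
2023-09-01T08:00:09,10.10.1.5,10.10.2.21,502,300,tcp
"""


def analyze_flows(text, trusted=TRUSTED_SOURCES):
    """Return (reason, src_ip, detail) alerts for flows aimed at TCP/44818."""
    alerts = []
    per_source = Counter()
    for row in csv.DictReader(io.StringIO(text)):
        if row["proto"] != "tcp" or int(row["dst_port"]) != ENIP_PORT:
            continue  # only traffic to the EtherNet/IP listener is of interest
        src, size = row["src_ip"], int(row["bytes"])
        per_source[src] += 1
        if src not in trusted:
            alerts.append(("untrusted_source", src, row["timestamp"]))
        if size < MIN_BYTES or size > MAX_BYTES:
            alerts.append(("abnormal_size", src, row["timestamp"]))
    for src, n in per_source.items():
        if n > BURST_THRESHOLD:
            alerts.append(("burst", src, f"{n} sessions"))
    return alerts


if __name__ == "__main__":
    for reason, src, detail in analyze_flows(SAMPLE_FLOWS):
        print(f"{reason:17} {src:12} {detail}")
```

On the sample log only the untrusted host trips the checks; the Modbus flow on port 502 and the two allow-listed sessions produce no alerts.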
