Sophisticated industrial control system framework Pipedream, also known as Incontroller, has been targeting a critical hardcoded credentials flaw in Omron programmable logic controllers, tracked as CVE-2022-34151, SecurityWeek reports.
CVE-2022-34151 is being exploited by the BadOmen component of Pipedream to facilitate HTTP server interactions on targeted Omron NX/NJ controllers, a report from Dragos found. Aside from enabling physical process manipulation and disruption, BadOmen, like the Triton ICS malware, could also compromise safety controllers.
"Real-world impact varies based on what the controller is actually doing. An attacker may use the most significant of the vulnerabilities to persist on the controller, where they may modify the PLC's running logic at any time. This could allow them to turn on and off pumps, lights, or other equipment, against the wishes of the operator. In the case of safety systems, this may be used to prevent safety operations from happening: imagine pressing the panic stop button, and it does not do anything," said Dragos Lead Vulnerability Researcher Reid Wightman.
While CISA has warned about Omron and Schneider Electric PLCs being targeted by Pipedream, it has yet to include CVE-2022-34151 in its Known Exploited Vulnerabilities catalog.