Exploiting Omron's NEX PLC Runtime And Protocol

Logan Carpenter

S4x24 - ICS Security Conference · Day 3 · Stage 3

This talk, delivered by Logan Carpenter, a malware analyst at Dragos, delves into the critical vulnerabilities discovered within Omron's NEX industrial control system (ICS) protocol and runtime environment. Carpenter’s research builds upon prior analysis of the notorious PipeDream malware, specifically its Bad Omen module, which targeted Omron programmable logic controllers (PLCs). The presentation highlights a significant blind spot in ICS security: the prevalence of undocumented, proprietary protocols and the inherent risks they pose when combined with common embedded system vulnerabilities like hardcoded credentials and root-privileged services.

AI review

Carpenter's deep dive into Omron's NEX protocol is precisely the kind of no-bullshit research this industry needs. Building on the PipeDream analysis, he didn't just rehash findings; he systematically uncovered a staggering 170 undocumented commands, exposed hardcoded vendor incompetence, and demonstrated dynamic operational disruption capabilities far beyond what Bad Omen achieved. This isn't theoretical; it's a stark, live-demoed reality check for Omron and a critical intelligence drop for anyone defending industrial systems.
