Authentication Bypass Vulnerability in Omron Machine Automation Controllers and Software
CVE-2022-33208
What is CVE-2022-33208?
An authentication bypass vulnerability in Omron's machine automation controllers and Sysmac Studio software allows remote attackers to exploit an insecure communication channel. By analyzing the data exchanged between the affected controllers and automation software or programmable terminals, attackers may gain unauthorized access, enabling potential manipulation of industrial processes and systems. Users of NJ series, NX7 series, NX1 series controllers, Sysmac Studio, and certain Programmable Terminals are advised to assess their vulnerability and apply necessary updates or mitigations.
Affected Version(s)
Machine automation controller NJ series, Machine automation controller NX series, Automation software 'Sysmac Studio', and Programmable Terminal (PT) NA series Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier