Authentication Bypass Vulnerability in OMRON Machine Automation Controllers
CVE-2022-33971

7.5HIGH

Key Information:

Vendor: Omron Corporation
Status: Machine Automation Controller Nj Series, Machine Automation Controller Nx Series, Automation Software 'sysmac Studio', And Programmable Terminal (pt) Na Series
Vendor: CVE Published:; 4 July 2022

🔔 Create Omron Corporation Vulnerability Alert

What is CVE-2022-33971?

An authentication bypass vulnerability exists in OMRON's NX7, NX1, and NJ series machine automation controllers, allowing adjacent attackers to exploit the communication between the controller and designated OMRON software. This vulnerability enables attackers to potentially execute unauthorized commands or cause a denial-of-service (DoS) condition, compromising the integrity of operations. The flaw is present in all models of the NX7 series with version V1.28 and earlier, NX1 series with version V1.48 and earlier, and NJ series with version V1.48 and earlier.

Affected Version(s)

Machine automation controller NJ series, Machine automation controller NX series, Automation software 'Sysmac Studio', and Programmable Terminal (PT) NA series Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier

References

https://jvn.jp/en/vu/JVNVU97050784/index.html

x_refsource_MISC

https://www.ia.omron.com/product/vulnerability/OMSR-2022-...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2022
Vulnerability Reserved
Jun 21, 2022