Least Privilege Violation in NJ/NX-series Machine Automation Controllers by Omron
CVE-2025-1384

7HIGH

Key Information:

Vendor: Omron Corporation
Status: Machine Automation Controller Nj-series; Machine Automation Controller Nx-series; Sysmac Studio Software
Vendor: CVE Published:; 14 July 2025

🔔 Create Omron Corporation Vulnerability Alert

What is CVE-2025-1384?

A vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and Sysmac Studio Software. This flaw allows attackers to exploit least privilege violations, potentially gaining unauthorized access to the controller and executing remote code. It is crucial for users of these products to address this vulnerability to ensure the security of their operations and prevent unauthorized manipulation.

Affected Version(s)

Machine Automation Controller NJ-series NJ101-[][][][] Ver.1.67.00 or lower

Machine Automation Controller NJ-series NJ301-1[]00 Ver.1.67.00 or lower

Machine Automation Controller NJ-series NJ501-1[]00 Ver.1.67.02 or lower

References

https://www.fa.omron.co.jp/product/security/assets/pdf/en...

https://www.fa.omron.co.jp/product/security/assets/pdf/ja...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2025