CVE-2022-33208

HIGH

Machine automation controller - Auth Bypass

Title source: llm

Description

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.

References (2)

[Mitigation, Vendor Advisory] https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdf

[Third Party Advisory, VDB Entry] https://jvn.jp/en/vu/JVNVU97050784/index.html

Scores

CVSS v3 8.1

EPSS 0.0034

EPSS Percentile 56.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-294

Status published

Products (50)

omron/na5-12w_firmware < 1.15

omron/na5-15w_firmware < 1.15

omron/na5-7w_firmware < 1.15

omron/na5-9w_firmware < 1.15

omron/nj-pa3001_firmware < 1.48

omron/nj-pd3001_firmware < 1.48

omron/nj101-1000_firmware < 1.48

omron/nj101-1020_firmware < 1.48

omron/nj101-9000_firmware < 1.48

omron/nj101-9020_firmware < 1.48

... and 40 more

Published Jul 04, 2022

Tracked Since Feb 18, 2026