CVE-2022-34151

HIGH | EXPLOITED IN THE WILD

Machine automation controller <1.48 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2022-34151 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

A use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier. It may allow a remote attacker who has successfully obtained the user credentials by analyzing the affected product to access the controller.

References (2)

Core References
Mitigation, Vendor Advisory x_refsource_misc
https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdf
Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/en/vu/JVNVU97050784/index.html

Scores

CVSS v3: 8.1
EPSS: 0.0109
EPSS Percentile: 61.1%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

VulnCheck KEV: 2022-08-13
InTheWild.io: 2022-10-27
CWE: CWE-798
Status: published
Products (50)
omron/na5-12w_firmware < 1.15
omron/na5-15w_firmware < 1.15
omron/na5-7w_firmware < 1.15
omron/na5-9w_firmware < 1.15
omron/nj-pa3001_firmware < 1.48
omron/nj-pd3001_firmware < 1.48
omron/nj101-1000_firmware < 1.48
omron/nj101-1020_firmware < 1.48
omron/nj101-9000_firmware < 1.48
omron/nj101-9020_firmware < 1.48
... and 40 more
Published: Jul 04, 2022
Tracked Since: Feb 18, 2026