Type a vendor name or a vulnerability id.



All the vulnerabilites related to OMRON Corporation - Automation software "Sysmac Studio"
jvndb-2022-002691
Vulnerability from jvndb
Published
2022-11-10 09:46
Modified
2022-11-10 09:46
Severity
9.4 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Multiple vulnerabilities in OMRON products
Details
Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function. The vulnerabilities are as follows. * Use of Hard-coded Credentials (CWE-798) - CVE-2022-34151 * Authentication Bypass by Capture-replay (CWE-294) - CVE-2022-33208 * Active Debug Code (CWE-489) - CVE-2022-33971 OMRON Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
TypeURL
JVN https://jvn.jp/en/vu/JVNVU97050784/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2022-34151
CVE https://www.cve.org/CVERecord?id=CVE-2022-33208
CVE https://www.cve.org/CVERecord?id=CVE-2022-33971
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-34151
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-33208
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-33971
US-CERT National Cyber Awareness System Alerts https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
Authentication Bypass by Capture-replay(CWE-294) https://cwe.mitre.org/data/definitions/294.html
Active Debug Code(CWE-489) https://cwe.mitre.org/data/definitions/489.html
Use of Hard-coded Credentials(CWE-798) https://cwe.mitre.org/data/definitions/798.html
Impacted products
VendorProduct
OMRON CorporationAutomation software "Sysmac Studio"
OMRON CorporationMachine automation controller NJ series
OMRON CorporationMachine automation controller NX series
OMRON CorporationProgrammable terminal (PT) NA series
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002691.html",
  "dc:date": "2022-11-10T09:46+09:00",
  "dcterms:issued": "2022-11-10T09:46+09:00",
  "dcterms:modified": "2022-11-10T09:46+09:00",
  "description": "Machine automation controller NJ/NX series, Automation software \"Sysmac Studio\", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function.\r\nThe vulnerabilities are as follows.\r\n\r\n  * Use of Hard-coded Credentials (CWE-798) - CVE-2022-34151\r\n  * Authentication Bypass by Capture-replay (CWE-294) - CVE-2022-33208\r\n  * Active Debug Code (CWE-489) - CVE-2022-33971\r\n\r\nOMRON Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002691.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:omron:automation_software_sysmac_studio",
      "@product": "Automation software \"Sysmac Studio\"",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:omron:machine_automation_controller_nj_series",
      "@product": "Machine automation controller NJ series",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:omron:machine_automation_controller_nx_series",
      "@product": "Machine automation controller NX series",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:omron:programmable_terminal_na_series",
      "@product": "Programmable terminal (PT) NA series",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.4",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002691",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU97050784/index.html",
      "@id": "JVNVU#97050784",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-34151",
      "@id": "CVE-2022-34151",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-33208",
      "@id": "CVE-2022-33208",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-33971",
      "@id": "CVE-2022-33971",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-34151",
      "@id": "CVE-2022-34151",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33208",
      "@id": "CVE-2022-33208",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33971",
      "@id": "CVE-2022-33971",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a",
      "@id": "AA22-103A",
      "@source": "US-CERT National Cyber Awareness System Alerts"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/294.html",
      "@id": "CWE-294",
      "@title": "Authentication Bypass by Capture-replay(CWE-294)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/798.html",
      "@id": "CWE-798",
      "@title": "Use of Hard-coded Credentials(CWE-798)"
    }
  ],
  "title": "Multiple vulnerabilities in OMRON products"
}