Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to OMRON Corporation - Automation software "Sysmac Studio"

jvndb-2022-002691

Vulnerability from jvndb

Published

2022-11-10 09:46

Modified

2022-11-10 09:46

Severity ?

9.4 (Critical) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Summary

Multiple vulnerabilities in OMRON products

Details

Machine automation controller NJ/NX series, Automation software "Sysmac Studio", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function. The vulnerabilities are as follows. * Use of Hard-coded Credentials (CWE-798) - CVE-2022-34151 * Authentication Bypass by Capture-replay (CWE-294) - CVE-2022-33208 * Active Debug Code (CWE-489) - CVE-2022-33971 OMRON Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU97050784/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-34151
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-33208
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-33971
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-34151
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-33208
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-33971
	US-CERT National Cyber Awareness System Alerts	https://www.cisa.gov/uscert/ncas/alerts/aa22-103a
	Authentication Bypass by Capture-replay(CWE-294)	https://cwe.mitre.org/data/definitions/294.html
	Active Debug Code(CWE-489)	https://cwe.mitre.org/data/definitions/489.html
	Use of Hard-coded Credentials(CWE-798)	https://cwe.mitre.org/data/definitions/798.html

Impacted products

▼	Vendor	Product
	OMRON Corporation	Automation software "Sysmac Studio"
	OMRON Corporation	Machine automation controller NJ series
	OMRON Corporation	Machine automation controller NX series
	OMRON Corporation	Programmable terminal (PT) NA series

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002691.html",
  "dc:date": "2022-11-10T09:46+09:00",
  "dcterms:issued": "2022-11-10T09:46+09:00",
  "dcterms:modified": "2022-11-10T09:46+09:00",
  "description": "Machine automation controller NJ/NX series, Automation software \"Sysmac Studio\", and programmable terminal (PT) NA series provided by OMRON Corporation contain multiple vulnerabilities in the communication function.\r\nThe vulnerabilities are as follows.\r\n\r\n  * Use of Hard-coded Credentials (CWE-798) - CVE-2022-34151\r\n  * Authentication Bypass by Capture-replay (CWE-294) - CVE-2022-33208\r\n  * Active Debug Code (CWE-489) - CVE-2022-33971\r\n\r\nOMRON Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002691.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:omron:automation_software_sysmac_studio",
      "@product": "Automation software \"Sysmac Studio\"",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:omron:machine_automation_controller_nj_series",
      "@product": "Machine automation controller NJ series",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:omron:machine_automation_controller_nx_series",
      "@product": "Machine automation controller NX series",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:omron:programmable_terminal_na_series",
      "@product": "Programmable terminal (PT) NA series",
      "@vendor": "OMRON Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "9.4",
    "@severity": "Critical",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002691",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU97050784/index.html",
      "@id": "JVNVU#97050784",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-34151",
      "@id": "CVE-2022-34151",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-33208",
      "@id": "CVE-2022-33208",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-33971",
      "@id": "CVE-2022-33971",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-34151",
      "@id": "CVE-2022-34151",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33208",
      "@id": "CVE-2022-33208",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-33971",
      "@id": "CVE-2022-33971",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a",
      "@id": "AA22-103A",
      "@source": "US-CERT National Cyber Awareness System Alerts"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/294.html",
      "@id": "CWE-294",
      "@title": "Authentication Bypass by Capture-replay(CWE-294)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/489.html",
      "@id": "CWE-489",
      "@title": "Active Debug Code(CWE-489)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/798.html",
      "@id": "CWE-798",
      "@title": "Use of Hard-coded Credentials(CWE-798)"
    }
  ],
  "title": "Multiple vulnerabilities in OMRON products"
}