CVE-2022-33971

moderate-risk
Published 2022-07-04

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.

Do I need to act?

0.11% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High (ADJACENT_NETWORK / HIGH complexity)

Affected Products (20)

Nx701-1600 Firmware
Nx701-1700 Firmware
Nx701-Z700 Firmware
Nx701-Z600 Firmware
Nx701-1720 Firmware
Nx701-1620 Firmware
Nx102-1200 Firmware
Nx102-1100 Firmware
Nx102-1000 Firmware
Nx102-1220 Firmware
Nx102-1120 Firmware
Nx102-1020 Firmware
Nx102-9020 Firmware
Nx1P2-1140Dt Firmware
Nx1P2-1140Dt1 Firmware
Nx1P2-1040Dt Firmware
Nx1P2-1040Dt1 Firmware
Nx1P2-9024Dt Firmware
Nx1P2-9024Dt1 Firmware
Nx1W-Cif01 Firmware

Affected Vendors

46 / 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 26/34 · High