CVE-2022-34151

high-risk
Published 2022-07-04

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.

Do I need to act?

1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.1/10 High
NETWORK / HIGH complexity

Affected Products (20)

Nx701-1600 Firmware
Nx701-1700 Firmware
Nx701-Z700 Firmware
Nx701-Z600 Firmware
Nx701-1720 Firmware
Nx701-1620 Firmware
Nx102-1200 Firmware
Nx102-1100 Firmware
Nx102-1000 Firmware
Nx102-1220 Firmware
Nx102-1120 Firmware
Nx102-1020 Firmware
Nx102-9020 Firmware
Nx1P2-1140Dt Firmware
Nx1P2-1140Dt1 Firmware
Nx1P2-1040Dt Firmware
Nx1P2-1040Dt1 Firmware
Nx1P2-9024Dt Firmware
Nx1P2-9024Dt1 Firmware
Nx1W-Cif01 Firmware

Affected Vendors

53 / 100
high-risk
Severity 24/34 · High
Exploitability 3/34 · Minimal
Exposure 26/34 · High