CVE-2024-33687

high-risk

Published 2024-06-24

Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration.

Do I need to act?

0.21% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Nj101-1000 Firmware

Nj101-1020 Firmware

Nj101-9000 Firmware

Nj101-9020 Firmware

Nj301-1100 Firmware

Nj301-1200 Firmware

Nj501-1300 Firmware

Nj501-1320 Firmware

Nj501-1340 Firmware

Nj501-140 Firmware

Nj501-1400 Firmware

Nj501-1420 Firmware

Nj501-1500 Firmware

Nj501-1520 Firmware

Nj501-4300 Firmware

Nj501-4310 Firmware

Nj501-4320 Firmware

Nj501-4400 Firmware

Nj501-4500 Firmware

Nj501-5300 Firmware

Affected Vendors

Omron

References (4)

Third Party Advisory https://jvn.jp/en/vu/JVNVU92504444/

Vendor Advisory https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-004_en.pdf

Third Party Advisory https://jvn.jp/en/vu/JVNVU92504444/

Vendor Advisory https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-004_en.pdf

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 26/34 · High