CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

100 matches found

Prion•added 2022/07/26 10:15 p.m.•14 views

Authentication flaw

The Omron SYSMAC Cx product family PLCs CS series, CJ series, and CP series through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS 9600/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. This protocol has authentication...

7.5CVSS9.9AI score0.00238EPSS

Exploits0References2Affected Software6

Prion•added 2022/07/26 10:15 p.m.•18 views

Design/Logic Flaw

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

7.5CVSS9.8AI score0.00311EPSS

Exploits0References2Affected Software25

CVE•added 2022/07/26 9:28 p.m.•84 views

CVE-2022-31207

The CVE-2022-31207 issue affects Omron SYSMAC CS/CJ/CP Series and NJ/NX Series PLCs (through 2022-05-18). The root cause is lack of cryptographic authentication for the FINS (9600/TCP) engineering protocol, allowing an attacker to manipulate downloaded object code that the PLC runs either in ASIC...

9.8CVSS9.9AI score0.00238EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/07/26 9:28 p.m.•17 views

CVE-2022-31207

10AI score0.00238EPSS

Exploits0References2

Cvelist•added 2022/07/26 9:28 p.m.•19 views

CVE-2022-31206

10AI score0.00311EPSS

Exploits0References2

CVE•added 2022/07/26 9:28 p.m.•85 views

CVE-2022-31206

CVE-2022-31206 affects Omron SYSMAC Nx product family PLCs (NJ/NY/NX/PMAC) prior to 2022-05-18. The issue is that the transferred PLC logic is not cryptographically authenticated, allowing an attacker to modify transmitted object code and execute arbitrary machine code on the PLC CPU module withi...

9.8CVSS9.7AI score0.00311EPSS

Exploits0References2Affected Software1

BDU FSTEC•added 2022/07/11 12:0 a.m.•1 views

The vulnerability lies in the communication functions between the Omron NJ/NX automation controller, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA. This vulnerability allows a perpetrator to gain access to the controller.

The vulnerability of the communication functions between Omron NJ/NX automation controllers, the Omron Sysmac Studio automation software, and the programmable terminal Omron NA lies in the ability to bypass the authentication process by using capture-replay techniques for intercepted parameters...

6.8CVSS0.01226EPSS

Exploits0References4Affected Software8

BDU FSTEC•added 2022/07/11 12:0 a.m.•2 views

The vulnerability of communication functions between Omron NJ/NX automation controllers, Omron Sysmac Studio automation software, and Omron NA programmable terminals is related to the use of rigidly encoded account data. Exploiting this vulnerability can allow a malicious actor to gain access to...

7.7CVSS0.01253EPSS

Exploits0References5Affected Software8

ATTACKERKB•added 2022/07/04 2:15 a.m.•1 views

CVE-2022-33208

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software...

8.1CVSS5.8AI score0.01226EPSS

Exploits0References3Affected Software1

NVD•added 2022/07/04 2:15 a.m.•28 views

CVE-2022-34151

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...

9.4CVSS0.01253EPSS

Exploits0References2

ATTACKERKB•added 2022/07/04 2:15 a.m.•125 views

CVE-2022-34151

8.1CVSS7.4AI score0.01253EPSS

In wildExploits0References3Affected Software1

OSV•added 2022/07/04 2:15 a.m.•1 views

CVE-2022-33208

8.1CVSS7.3AI score

Exploits0References2

OSV•added 2022/07/04 2:15 a.m.•1 views

CVE-2022-34151

8.1CVSS7.3AI score

Exploits0References2

NVD•added 2022/07/04 2:15 a.m.•11 views

CVE-2022-33208

8.1CVSS0.01226EPSS

Exploits0References2

Prion•added 2022/07/04 2:15 a.m.•27 views

Hardcoded credentials

6.8CVSS7.9AI score0.01253EPSS

Exploits0References2Affected Software57

CVE•added 2022/07/04 1:51 a.m.•204 views

CVE-2022-34151

CVE-2022-34151 affects Omron NJ/NX-series Machine Automation Controllers, Sysmac Studio, and NA-series PTs. Root cause: hard-coded credentials in affected components may let a remote attacker obtain credentials and access the controller. Affected versions: NJ/NX controllers (NJ1/NJ series up to v...

9.4CVSS7.9AI score0.01253EPSS

In wildExploits0References2Affected Software1

Vulnrichment•added 2022/07/04 1:51 a.m.•3 views

CVE-2022-34151

7.3AI score0.01253EPSS

Exploits0References2

CVE•added 2022/07/04 1:50 a.m.•94 views

CVE-2022-33208

CVE-2022-33208 is an authentication bypass by capture-replay affecting Omron NJ/NX-series Machine Automation Controllers (NJ 1.48 and earlier; NX7 1.28 and earlier; NX1 1.48 and earlier), Sysmac Studio (≤1.49), and NA-series PT runtimes (NA5-15W/12W/9W/7W ≤1.15). A remote attacker who can analyze...

8.1CVSS7.9AI score0.01226EPSS

Exploits0References2Affected Software1

Cvelist•added 2022/07/04 1:50 a.m.•35 views

CVE-2022-33208

8.2AI score0.01226EPSS

Exploits0References2

CNNVD•added 2022/07/04 12:0 a.m.•2 views

多款Omron产品安全漏洞

Omron Machine automation controller NX7 series and so on are the products of Omron Corporation of Japan.Omron Machine automation controller NX7 series is a series of machine automation controllers.Omron Machine Omron Machine automation controller NX1 series is a series of machine automation...

8.1CVSS8AI score0.01226EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by