CVE-2022-33971

EPSS 0.02%
Published 04.07.2022 02:15:07
Last modified 21.11.2024 07:08:41
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Omron ≫ Nx701-1600 Firmware Version <= 1.28

Omron ≫ Nx701-1600 Version-

Omron ≫ Nx701-1700 Firmware Version <= 1.28

Omron ≫ Nx701-1700 Version-

Omron ≫ Nx701-z700 Firmware Version <= 1.28

Omron ≫ Nx701-z700 Version-

Omron ≫ Nx701-z600 Firmware Version <= 1.28

Omron ≫ Nx701-z600 Version-

Omron ≫ Nx701-1720 Firmware Version <= 1.28

Omron ≫ Nx701-1720 Version-

Omron ≫ Nx701-1620 Firmware Version <= 1.28

Omron ≫ Nx701-1620 Version-

Omron ≫ Nx102-1200 Firmware Version <= 1.48

Omron ≫ Nx102-1200 Version-

Omron ≫ Nx102-1100 Firmware Version <= 1.48

Omron ≫ Nx102-1100 Version-

Omron ≫ Nx102-1000 Firmware Version <= 1.48

Omron ≫ Nx102-1000 Version-

Omron ≫ Nx102-1220 Firmware Version <= 1.48

Omron ≫ Nx102-1220 Version-

Omron ≫ Nx102-1120 Firmware Version <= 1.48

Omron ≫ Nx102-1120 Version-

Omron ≫ Nx102-1020 Firmware Version <= 1.48

Omron ≫ Nx102-1020 Version-

Omron ≫ Nx102-9020 Firmware Version <= 1.48

Omron ≫ Nx102-9020 Version-

Omron ≫ Nx1p2-1140dt Firmware Version <= 1.48

Omron ≫ Nx1p2-1140dt Version-

Omron ≫ Nx1p2-1140dt1 Firmware Version <= 1.48

Omron ≫ Nx1p2-1140dt1 Version-

Omron ≫ Nx1p2-1040dt Firmware Version <= 1.48

Omron ≫ Nx1p2-1040dt Version-

Omron ≫ Nx1p2-1040dt1 Firmware Version <= 1.48

Omron ≫ Nx1p2-1040dt1 Version-

Omron ≫ Nx1p2-9024dt Firmware Version <= 1.48

Omron ≫ Nx1p2-9024dt Version-

Omron ≫ Nx1p2-9024dt1 Firmware Version <= 1.48

Omron ≫ Nx1p2-9024dt1 Version-

Omron ≫ Nx1w-cif01 Firmware Version <= 1.48

Omron ≫ Nx1w-cif01 Version-

Omron ≫ Nx1w-cif11 Firmware Version <= 1.48

Omron ≫ Nx1w-cif11 Version-

Omron ≫ Nx1w-cif12 Firmware Version <= 1.48

Omron ≫ Nx1w-cif12 Version-

Omron ≫ Nx1w-adb21 Firmware Version <= 1.48

Omron ≫ Nx1w-adb21 Version-

Omron ≫ Nx1w-dab21v Firmware Version <= 1.48

Omron ≫ Nx1w-dab21v Version-

Omron ≫ Nx1w-mab221 Firmware Version <= 1.48

Omron ≫ Nx1w-mab221 Version-

Omron ≫ Nj501-1500 Firmware Version <= 1.48

Omron ≫ Nj501-1500 Version-

Omron ≫ Nj501-140 Firmware Version <= 1.48

Omron ≫ Nj501-140 Version-

Omron ≫ Nj501-1300 Firmware Version <= 1.48

Omron ≫ Nj501-1300 Version-

Omron ≫ Nj501-r500 Firmware Version <= 1.48

Omron ≫ Nj501-r500 Version-

Omron ≫ Nj501-r520 Firmware Version <= 1.48

Omron ≫ Nj501-r520 Version-

Omron ≫ Nj501-r400 Firmware Version <= 1.48

Omron ≫ Nj501-r400 Version-

Omron ≫ Nj501-r420 Firmware Version <= 1.48

Omron ≫ Nj501-r420 Version-

Omron ≫ Nj501-r300 Firmware Version <= 1.48

Omron ≫ Nj501-r300 Version-

Omron ≫ Nj501-r320 Firmware Version <= 1.48

Omron ≫ Nj501-r320 Version-

Omron ≫ Nj501-5300 Firmware Version <= 1.48

Omron ≫ Nj501-5300 Version-

Omron ≫ Nj501-1520 Firmware Version <= 1.48

Omron ≫ Nj501-1520 Version-

Omron ≫ Nj501-1420 Firmware Version <= 1.48

Omron ≫ Nj501-1420 Version-

Omron ≫ Nj501-1320 Firmware Version <= 1.48

Omron ≫ Nj501-1320 Version-

Omron ≫ Nj101-1020 Firmware Version <= 1.48

Omron ≫ Nj101-1020 Version-

Omron ≫ Nj101-9020 Firmware Version <= 1.48

Omron ≫ Nj101-9020 Version-

Omron ≫ Nj501-1340 Firmware Version <= 1.48

Omron ≫ Nj501-1340 Version-

Omron ≫ Nj501-4500 Firmware Version <= 1.48

Omron ≫ Nj501-4500 Version-

Omron ≫ Nj501-4400 Firmware Version <= 1.48

Omron ≫ Nj501-4400 Version-

Omron ≫ Nj501-4300 Firmware Version <= 1.48

Omron ≫ Nj501-4300 Version-

Omron ≫ Nj501-4310 Firmware Version <= 1.48

Omron ≫ Nj501-4310 Version-

Omron ≫ Nj501-4320 Firmware Version <= 1.48

Omron ≫ Nj501-4320 Version-

Omron ≫ Nj301-1200 Firmware Version < 1.48

Omron ≫ Nj301-1200 Version-

Omron ≫ Nj301-1100 Firmware Version <= 1.48

Omron ≫ Nj301-1100 Version-

Omron ≫ Nj101-1000 Firmware Version <= 1.48

Omron ≫ Nj101-1000 Version-

Omron ≫ Nj101-9000 Firmware Version <= 1.48

Omron ≫ Nj101-9000 Version-

Omron ≫ Nj-pa3001 Firmware Version <= 1.48

Omron ≫ Nj-pa3001 Version-

Omron ≫ Nj-pd3001 Firmware Version <= 1.48

Omron ≫ Nj-pd3001 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.042

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.4	5.5	6.4	AV:A/AC:M/Au:N/C:P/I:P/A:P

CWE-294 Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

https://jvn.jp/en/vu/JVNVU97050784/index.html

Third Party Advisory

VDB Entry

https://www.ia.omron.com/product/vulnerability/OMSR-2022-002_en.pdf

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-33971

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-33971

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-33971

EUVD