CVE-2022-33208 — HIGH (8.1)

Q: How severe is CVE-2022-33208?

CVE-2022-33208 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-33208?

Check the references section above for vendor advisories and patch information. Affected products include: Omron Nx701-1600 Firmware, Omron Nx701-1600, Omron Nx701-1700 Firmware, Omron Nx701-1700, Omron Nx701-Z700 Firmware.

Vulnerability Description

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Omron	Nx701-1600 Firmware	<= 1.28
Omron	Nx701-1600	-
Omron	Nx701-1700 Firmware	<= 1.28
Omron	Nx701-1700	-
Omron	Nx701-Z700 Firmware	<= 1.28
Omron	Nx701-Z700	-
Omron	Nx701-Z600 Firmware	<= 1.28
Omron	Nx701-Z600	-
Omron	Nx701-1720 Firmware	<= 1.28
Omron	Nx701-1720	-
Omron	Nx701-1620 Firmware	<= 1.28
Omron	Nx701-1620	-
Omron	Nx102-1200 Firmware	<= 1.48
Omron	Nx102-1200	-
Omron	Nx102-1100 Firmware	<= 1.48
Omron	Nx102-1100	-
Omron	Nx102-1000 Firmware	<= 1.48
Omron	Nx102-1000	-
Omron	Nx102-1220 Firmware	<= 1.48
Omron	Nx102-1220	-

Related Weaknesses (CWE)

CWE-294

References

https://jvn.jp/en/vu/JVNVU97050784/index.htmlThird Party AdvisoryVDB Entry
https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdfMitigationVendor Advisory
https://jvn.jp/en/vu/JVNVU97050784/index.htmlThird Party AdvisoryVDB Entry
https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdfMitigationVendor Advisory

FAQ

What is CVE-2022-33208?

CVE-2022-33208 is a vulnerability with a CVSS score of 8.1 (HIGH). Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and ear...

How severe is CVE-2022-33208?

CVE-2022-33208 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-33208?

Check the references section above for vendor advisories and patch information. Affected products include: Omron Nx701-1600 Firmware, Omron Nx701-1600, Omron Nx701-1700 Firmware, Omron Nx701-1700, Omron Nx701-Z700 Firmware.