CVE-2022-33971
CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: NVD
Description
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.
Affected (52)
Products: Omron: Nx701 1600 Firmware, Nx701 1700 Firmware, Nx701 Z700 Firmware, Nx701 Z600 Firmware, Nx701 1720 Firmware, Nx701 1620 Firmware, Nx102 1200 Firmware, Nx102 1100 Firmware, Nx102 1000 Firmware, Nx102 1220 Firmware, Nx102 1120 Firmware, Nx102 1020 Firmware, Nx102 9020 Firmware, Nx1p2 1140dt Firmware, Nx1p2 1140dt1 Firmware, Nx1p2 1040dt Firmware, Nx1p2 1040dt1 Firmware, Nx1p2 9024dt Firmware, Nx1p2 9024dt1 Firmware, Nx1w Cif01 Firmware, Nx1w Cif11 Firmware, Nx1w Cif12 Firmware, Nx1w Adb21 Firmware, Nx1w Dab21v Firmware, Nx1w Mab221 Firmware, Nj501 1500 Firmware, Nj501 140 Firmware, Nj501 1300 Firmware, Nj501 R500 Firmware, Nj501 R520 Firmware, Nj501 R400 Firmware, Nj501 R420 Firmware, Nj501 R300 Firmware, Nj501 R320 Firmware, Nj501 5300 Firmware, Nj501 1520 Firmware, Nj501 1420 Firmware, Nj501 1320 Firmware, Nj101 1020 Firmware, Nj101 9020 Firmware, Nj501 1340 Firmware, Nj501 4500 Firmware, Nj501 4400 Firmware, Nj501 4300 Firmware, Nj501 4310 Firmware, Nj501 4320 Firmware, Nj301 1200 Firmware, Nj301 1100 Firmware, Nj101 1000 Firmware, Nj101 9000 Firmware, Nj Pa3001 Firmware, Nj Pd3001 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.28 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx701 1600 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.28 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx701 1700 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.28 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx701 Z700 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.28 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx701 Z600 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.28 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx701 1720 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.28 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx701 1620 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 1200 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 1100 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 1000 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 1220 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 1120 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 1020 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx102 9020 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1p2 1140dt | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1p2 1140dt1 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1p2 1040dt | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1p2 1040dt1 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1p2 9024dt | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1p2 9024dt1 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1w Cif01 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1w Cif11 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1w Cif12 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1w Adb21 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1w Dab21v | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nx1w Mab221 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 1500 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 140 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 1300 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 R500 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 R520 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 R400 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 R420 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 R300 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 R320 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 5300 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 1520 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 1420 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 1320 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj101 1020 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj101 9020 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 1340 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 4500 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 4400 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 4300 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 4310 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj501 4320 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| | Before 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj301 1200 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj301 1100 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj101 1000 | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj101 9000 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj Pa3001 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 1.48 |

| Running on/with | Platform Versions |
|---|---|
| Omron Nj Pd3001 | All versions |
Related CWEs
CWE-294: Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
CWE-489: Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.
References (4)
Source: vultures@jpcert.or.jp
Third Party Advisory, VDB Entry
Source: vultures@jpcert.or.jp
Mitigation, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mitigation, Vendor Advisory