CVE-2022-33208

Description

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.

References

Link	Tags
https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdf	mitigation vendor advisory
https://jvn.jp/en/vu/JVNVU97050784/index.html	third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2022-33208?: CVE-2022-33208 has been scored as a high severity vulnerability.
How to fix CVE-2022-33208?: To fix CVE-2022-33208, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-33208 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-33208 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-33208?: CVE-2022-33208 affects OMRON Corporation Machine automation controller NJ series, Machine automation controller NX series, Automation software 'Sysmac Studio', and Programmable Terminal (PT) NA series.

Description

Category

CWE-294 – Authentication Bypass by Capture-replay

References

Frequently Asked Questions