cbcvebase.
CVE-2022-33208
published 2022-07-04

CVE-2022-33208: Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation…

PriorityP352high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
1.59%
72.7th percentile
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.

Affected

57 ranges· showing 25
VendorProductVersion rangeFixed in
omronna5-12w_firmware<= 1.15
omronna5-15w_firmware<= 1.15
omronna5-7w_firmware<= 1.15
omronna5-9w_firmware<= 1.15
omronnj-pa3001_firmware<= 1.48
omronnj-pd3001_firmware<= 1.48
omronnj101-1000_firmware<= 1.48
omronnj101-1020_firmware<= 1.48
omronnj101-9000_firmware<= 1.48
omronnj101-9020_firmware<= 1.48
omronnj301-1100_firmware<= 1.48
omronnj301-1200_firmware< 1.481.48
omronnj501-1300_firmware<= 1.48
omronnj501-1320_firmware<= 1.48
omronnj501-1340_firmware<= 1.48
omronnj501-140_firmware<= 1.48
omronnj501-1420_firmware<= 1.48
omronnj501-1500_firmware<= 1.48
omronnj501-1520_firmware<= 1.48
omronnj501-4300_firmware<= 1.48
omronnj501-4310_firmware<= 1.48
omronnj501-4320_firmware<= 1.48
omronnj501-4400_firmware<= 1.48
omronnj501-4500_firmware<= 1.48
omronnj501-5300_firmware<= 1.48

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.