cbcvebase.
CVE-2022-33971
published 2022-07-04

CVE-2022-33971: Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation…

PriorityP342high7.5CVSS 3.1
AVAACHPRNUINSUCHIHAH
EPSS
1.03%
59.5th percentile
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.

Affected

52 ranges· showing 25
VendorProductVersion rangeFixed in
omronnj-pa3001_firmware<= 1.48
omronnj-pd3001_firmware<= 1.48
omronnj101-1000_firmware<= 1.48
omronnj101-1020_firmware<= 1.48
omronnj101-9000_firmware<= 1.48
omronnj101-9020_firmware<= 1.48
omronnj301-1100_firmware<= 1.48
omronnj301-1200_firmware< 1.481.48
omronnj501-1300_firmware<= 1.48
omronnj501-1320_firmware<= 1.48
omronnj501-1340_firmware<= 1.48
omronnj501-140_firmware<= 1.48
omronnj501-1420_firmware<= 1.48
omronnj501-1500_firmware<= 1.48
omronnj501-1520_firmware<= 1.48
omronnj501-4300_firmware<= 1.48
omronnj501-4310_firmware<= 1.48
omronnj501-4320_firmware<= 1.48
omronnj501-4400_firmware<= 1.48
omronnj501-4500_firmware<= 1.48
omronnj501-5300_firmware<= 1.48
omronnj501-r300_firmware<= 1.48
omronnj501-r320_firmware<= 1.48
omronnj501-r400_firmware<= 1.48
omronnj501-r420_firmware<= 1.48

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.4MEDIUMAV:A/AC:M/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.