Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Sysmac Studio by Omron

    VAR-202207-0037

    Vulnerability from variot - Updated: 2024-08-14 14:49

    Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-34151 It was * Applicable controller products and automation software Sysmac Studio unauthorized access to the controller product by a third party who can analyze the communication between the controller and the programmable terminal. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. Omron Machine automation controller NX7 series, etc. are all products of Japan's Omron (Omron). Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0037",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nx1w-cif01",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1140dt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-1520",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-1600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nj501-r520",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-1500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r420",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-15w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nj501-1420",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj-pd3001",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-1020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-9024dt1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-9000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-z600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx102-1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-1300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "sysmac studio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.49"
          },
          {
            "model": "nj501-1320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4310",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-7w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nj501-140",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-12w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nx102-1020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj301-1100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-mab221",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-1720",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx701-z700",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx701-1620",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx1w-cif12",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1040dt1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-9020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj301-1200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj-pa3001",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-adb21",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1220",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-9024dt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-cif11",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-9020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1040dt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-9w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nj501-1340",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1120",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1140dt1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-dab21v",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-1700",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 sysmac studio",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30bf\u30fc\u30df\u30ca\u30eb na \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nx \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nj \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "cve": "CVE-2022-34151",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-34151",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-426451",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-34151",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.4,
                "baseSeverity": "Critical",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002691",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-34151",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002691",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-356",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-426451",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-34151",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-34151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \u0027Sysmac Studio\u0027 all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-34151 It was * Applicable controller products and automation software Sysmac Studio unauthorized access to the controller product by a third party who can analyze the communication between the controller and the programmable terminal. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. Omron Machine automation controller NX7 series, etc. are all products of Japan\u0027s Omron (Omron). Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-34151"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-34151",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97050784",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691",
            "trust": 1.4
          },
          {
            "db": "USCERT",
            "id": "AA22-103A",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070405",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-426451",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-34151",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-34151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "id": "VAR-202207-0037",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T14:49:43.121000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "machine automation controller \u00a0NJ/NX\u00a0 Authentication Bypass Vulnerability in Communication Function of Series Omron Corporation",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf"
          },
          {
            "title": "Multiple Omron Repair measures for product trust management problem vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200206"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.0
          },
          {
            "problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " debug code in active state (CWE-489) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-294",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://jvn.jp/en/vu/jvnvu97050784/index.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97050784/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34151"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33208"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33971"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-34151/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070405"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/294.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-34151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-34151"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-34151"
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          },
          {
            "date": "2022-07-04T02:15:07.727000",
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-426451"
          },
          {
            "date": "2022-07-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-34151"
          },
          {
            "date": "2022-11-09T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "date": "2022-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          },
          {
            "date": "2023-08-08T14:22:24.967000",
            "db": "NVD",
            "id": "CVE-2022-34151"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple Omron products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-356"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202207-0036

    Vulnerability from variot - Updated: 2024-08-14 14:49

    Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. are all products of Japan's Omron (Omron). A remote attacker could exploit this vulnerability to bypass the authentication process

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0036",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nx1w-cif01",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-5300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1140dt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-1520",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-1600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nj501-r520",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-1500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r420",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-15w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nj501-1420",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj-pd3001",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-1020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-9024dt1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-9000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-z600",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx102-1200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-1300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "sysmac studio",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.49"
          },
          {
            "model": "nj501-1320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4310",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-7w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nj501-140",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-12w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nx102-1020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj301-1100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-1000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-mab221",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-1720",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx701-z700",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx701-1620",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "nx1w-cif12",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1040dt1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj101-9020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj301-1200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj-pa3001",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-adb21",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1220",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-9024dt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-cif11",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-4320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-9020",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1040dt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "na5-9w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.15"
          },
          {
            "model": "nj501-1340",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx102-1120",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1p2-1140dt1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nj501-r320",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx1w-dab21v",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.48"
          },
          {
            "model": "nx701-1700",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "omron",
            "version": "1.28"
          },
          {
            "model": "\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 sysmac studio",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30bf\u30fc\u30df\u30ca\u30eb na \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nx \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          },
          {
            "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nj \u30b7\u30ea\u30fc\u30ba",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "cve": "CVE-2022-33208",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2022-33208",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.1,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-426449",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2022-33208",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002691",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-33208",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002691",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202207-355",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-426449",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2022-33208",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-33208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \u0027Sysmac Studio\u0027 all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software \u0027Sysmac Studio\u0027 and/or a Programmable Terminal (PT) to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. are all products of Japan\u0027s Omron (Omron). A remote attacker could exploit this vulnerability to bypass the authentication process",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-33208"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-33208",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVNVU97050784",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691",
            "trust": 1.4
          },
          {
            "db": "USCERT",
            "id": "AA22-103A",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355",
            "trust": 0.7
          },
          {
            "db": "CS-HELP",
            "id": "SB2022070405",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-426449",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-33208",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-33208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "id": "VAR-202207-0036",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-08-14T14:49:43.088000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "machine automation controller \u00a0NJ/NX\u00a0 Authentication Bypass Vulnerability in Communication Function of Series Omron Corporation",
            "trust": 0.8,
            "url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf"
          },
          {
            "title": "Multiple Omron Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200205"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-294",
            "trust": 1.1
          },
          {
            "problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " debug code in active state (CWE-489) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://jvn.jp/en/vu/jvnvu97050784/index.html"
          },
          {
            "trust": 1.8,
            "url": "https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu97050784/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34151"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33208"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33971"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022070405"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-33208/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/294.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-33208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-33208"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-33208"
          },
          {
            "date": "2022-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "date": "2022-07-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          },
          {
            "date": "2022-07-04T02:15:07.570000",
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-07-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-426449"
          },
          {
            "date": "2022-07-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-33208"
          },
          {
            "date": "2022-11-09T08:53:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          },
          {
            "date": "2022-11-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          },
          {
            "date": "2022-07-15T17:06:55.383000",
            "db": "NVD",
            "id": "CVE-2022-33208"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple Omron products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002691"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202207-355"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-45792 (GCVE-0-2022-45792)

    Vulnerability from nvd – Published: 2024-01-22 17:46 – Updated: 2025-06-17 21:19
    VLAI
    Title
    Directory Traversal in Project File Format allows overwrite (Zip Slip)
    Summary
    Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Omron Sysmac Studio Affected: 0 , < 1.54.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:04.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-30T18:36:27.204028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:25.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit"
              ],
              "product": "Sysmac Studio",
              "vendor": "Omron",
              "versions": [
                {
                  "lessThan": "1.54.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
                }
              ],
              "value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-22T17:46:36.699Z",
            "orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
            "shortName": "Dragos"
          },
          "references": [
            {
              "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Directory Traversal in Project File Format allows overwrite (Zip Slip)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
        "assignerShortName": "Dragos",
        "cveId": "CVE-2022-45792",
        "datePublished": "2024-01-22T17:46:36.699Z",
        "dateReserved": "2022-11-22T17:52:43.198Z",
        "dateUpdated": "2025-06-17T21:19:25.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45793 (GCVE-0-2022-45793)

    Vulnerability from nvd – Published: 2024-01-10 20:49 – Updated: 2025-04-17 15:42
    VLAI
    Title
    Executable files writable by low-privileged users in Omron Sysmac Studio
    Summary
    Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Omron Sysmac Studio Affected: 0 , ≤ 1.54.0 (custom)
    Create a notification for this product.
    Credits
    Reid Wightman of Dragos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:04.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T19:43:03.624295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T15:42:42.580Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "64 bit",
                "32 bit"
              ],
              "product": "Sysmac Studio",
              "vendor": "Omron",
              "versions": [
                {
                  "lessThanOrEqual": "1.54.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Reid Wightman of Dragos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
                }
              ],
              "value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-558",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-558 Replace Trusted Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-22T16:32:24.144Z",
            "orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
            "shortName": "Dragos"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
            },
            {
              "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
            },
            {
              "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Executable files writable by low-privileged users in Omron Sysmac Studio",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
        "assignerShortName": "Dragos",
        "cveId": "CVE-2022-45793",
        "datePublished": "2024-01-10T20:49:36.082Z",
        "dateReserved": "2022-11-22T17:52:43.199Z",
        "dateUpdated": "2025-04-17T15:42:42.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45792 (GCVE-0-2022-45792)

    Vulnerability from cvelistv5 – Published: 2024-01-22 17:46 – Updated: 2025-06-17 21:19
    VLAI
    Title
    Directory Traversal in Project File Format allows overwrite (Zip Slip)
    Summary
    Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Omron Sysmac Studio Affected: 0 , < 1.54.0 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:04.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45792",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-30T18:36:27.204028Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-17T21:19:25.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86",
                "64 bit"
              ],
              "product": "Sysmac Studio",
              "vendor": "Omron",
              "versions": [
                {
                  "lessThan": "1.54.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
                }
              ],
              "value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-22T17:46:36.699Z",
            "orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
            "shortName": "Dragos"
          },
          "references": [
            {
              "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Directory Traversal in Project File Format allows overwrite (Zip Slip)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
        "assignerShortName": "Dragos",
        "cveId": "CVE-2022-45792",
        "datePublished": "2024-01-22T17:46:36.699Z",
        "dateReserved": "2022-11-22T17:52:43.198Z",
        "dateUpdated": "2025-06-17T21:19:25.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-45793 (GCVE-0-2022-45793)

    Vulnerability from cvelistv5 – Published: 2024-01-10 20:49 – Updated: 2025-04-17 15:42
    VLAI
    Title
    Executable files writable by low-privileged users in Omron Sysmac Studio
    Summary
    Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Omron Sysmac Studio Affected: 0 , ≤ 1.54.0 (custom)
    Create a notification for this product.
    Credits
    Reid Wightman of Dragos
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:17:04.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-45793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-11T19:43:03.624295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-17T15:42:42.580Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "64 bit",
                "32 bit"
              ],
              "product": "Sysmac Studio",
              "vendor": "Omron",
              "versions": [
                {
                  "lessThanOrEqual": "1.54.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Reid Wightman of Dragos"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
                }
              ],
              "value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-558",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-558 Replace Trusted Executable"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-22T16:32:24.144Z",
            "orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
            "shortName": "Dragos"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
            },
            {
              "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
            },
            {
              "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Executable files writable by low-privileged users in Omron Sysmac Studio",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
        "assignerShortName": "Dragos",
        "cveId": "CVE-2022-45793",
        "datePublished": "2024-01-10T20:49:36.082Z",
        "dateReserved": "2022-11-22T17:52:43.199Z",
        "dateUpdated": "2025-04-17T15:42:42.580Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }