Vulnerabilities related to Omron - Sysmac Studio
var-202207-0037
Vulnerability from variot

A use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who has obtained the user credentials by analyzing the affected product to access the controller. The related vulnerabilities are: * Use of hard-coded credentials (CWE-798) - CVE-2022-34151 * Authentication bypass by capture-replay (CWE-294) - CVE-2022-33208 * Active debug code (CWE-489) - CVE-2022-33971. This vulnerability information was provided by the developer to JPCERT/CC for the purpose of dissemination to product users, and JPCERT/CC coordinated with the developer. The potential impact varies for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance - CVE-2022-34151 * Unauthorized access to the controller product by a third party who can analyze the communication between the applicable controller products and the automation software Sysmac Studio or the programmable terminal - CVE-2022-33208 * Denial-of-service (DoS) attacks and execution of malicious programs - CVE-2022-33971. Omron Machine automation controller NX7 series and the other affected products are all products of Japan's Omron. Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0037",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nx1w-cif01",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-5300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1140dt",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-1520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-1600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nj501-r520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-1500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r420",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-15w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nj501-1420",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj-pd3001",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-1020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-9024dt1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-9000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-z600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx102-1200",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-1300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "sysmac studio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.49"
      },
      {
        "model": "nj501-1320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4310",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-7w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nj501-140",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-12w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nx102-1020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj301-1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-mab221",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-1720",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx701-z700",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx701-1620",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx1w-cif12",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1040dt1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-9020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj301-1200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj-pa3001",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-adb21",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1220",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-9024dt",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-cif11",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-9020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1040dt",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-9w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nj501-1340",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1120",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1140dt1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-dab21v",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-1700",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 sysmac studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30bf\u30fc\u30df\u30ca\u30eb na \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nx \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nj \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "cve": "CVE-2022-34151",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-34151",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-426451",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-34151",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 9.4,
            "baseSeverity": "Critical",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002691",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-34151",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002691",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-356",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-426451",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-34151",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \u0027Sysmac Studio\u0027 all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-34151 It was * Applicable controller products and automation software Sysmac Studio unauthorized access to the controller product by a third party who can analyze the communication between the controller and the programmable terminal. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. Omron Machine automation controller NX7 series, etc. are all products of Japan\u0027s Omron (Omron). Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34151"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-34151",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU97050784",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691",
        "trust": 1.4
      },
      {
        "db": "USCERT",
        "id": "AA22-103A",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070405",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426451",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34151",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "id": "VAR-202207-0037",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T14:49:43.121000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "machine automation controller \u00a0NJ/NX\u00a0 Authentication Bypass Vulnerability in Communication Function of Series Omron Corporation",
        "trust": 0.8,
        "url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf"
      },
      {
        "title": "Multiple Omron Repair measures for product trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200206"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.0
      },
      {
        "problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " debug code in active state (CWE-489) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-294",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://jvn.jp/en/vu/jvnvu97050784/index.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97050784/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34151"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33208"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33971"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-34151/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070405"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/294.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-34151"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "date": "2022-07-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-34151"
      },
      {
        "date": "2022-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "date": "2022-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      },
      {
        "date": "2022-07-04T02:15:07.727000",
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426451"
      },
      {
        "date": "2022-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-34151"
      },
      {
        "date": "2022-11-09T08:53:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "date": "2022-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      },
      {
        "date": "2023-08-08T14:22:24.967000",
        "db": "NVD",
        "id": "CVE-2022-34151"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in multiple Omron products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-356"
      }
    ],
    "trust": 0.6
  }
}

var-202207-0036
Vulnerability from variot

An authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. The related vulnerabilities are: * Use of hard-coded credentials (CWE-798) - CVE-2022-34151 * Authentication bypass by capture-replay (CWE-294) - CVE-2022-33208 * Active debug code (CWE-489) - CVE-2022-33971. This vulnerability information was provided by the developer to JPCERT/CC for the purpose of dissemination to product users, and JPCERT/CC coordinated with the developer. The potential impact varies for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance - CVE-2022-33208 * Denial-of-service (DoS) attacks and execution of malicious programs - CVE-2022-33971. The affected products are all products of Japan's Omron. A remote attacker could exploit this vulnerability to bypass the authentication process.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "nx1w-cif01",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-5300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1140dt",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-1520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-1600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nj501-r520",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-1500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r420",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-15w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nj501-1420",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj-pd3001",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-1020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-9024dt1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-9000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-z600",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx102-1200",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-1300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "sysmac studio",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.49"
      },
      {
        "model": "nj501-1320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4310",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-7w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nj501-140",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-12w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nx102-1020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj301-1100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-1000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-mab221",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-1720",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx701-z700",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx701-1620",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "nx1w-cif12",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1040dt1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj101-9020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj301-1200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj-pa3001",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-adb21",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1220",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-9024dt",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-cif11",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-4320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-9020",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1040dt",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "na5-9w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.15"
      },
      {
        "model": "nj501-1340",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx102-1120",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r400",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1p2-1140dt1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nj501-r320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx1w-dab21v",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.48"
      },
      {
        "model": "nx701-1700",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "omron",
        "version": "1.28"
      },
      {
        "model": "\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 sysmac studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "\u30d7\u30ed\u30b0\u30e9\u30de\u30d6\u30eb\u30bf\u30fc\u30df\u30ca\u30eb na \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nx \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      },
      {
        "model": "\u30de\u30b7\u30f3\u30aa\u30fc\u30c8\u30e1\u30fc\u30b7\u30e7\u30f3\u30b3\u30f3\u30c8\u30ed\u30fc\u30e9 nj \u30b7\u30ea\u30fc\u30ba",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30aa\u30e0\u30ed\u30f3\u682a\u5f0f\u4f1a\u793e",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "cve": "CVE-2022-33208",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2022-33208",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-426449",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-33208",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-002691",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-33208",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-002691",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-355",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-426449",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-33208",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software \u0027Sysmac Studio\u0027 all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software \u0027Sysmac Studio\u0027 and/or a Programmable Terminal (PT) to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. are all products of Japan\u0027s Omron (Omron). A remote attacker could exploit this vulnerability to bypass the authentication process",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33208"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-33208",
        "trust": 3.4
      },
      {
        "db": "JVN",
        "id": "JVNVU97050784",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691",
        "trust": 1.4
      },
      {
        "db": "USCERT",
        "id": "AA22-103A",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070405",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-426449",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33208",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "id": "VAR-202207-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T14:49:43.088000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "machine automation controller \u00a0NJ/NX\u00a0 Authentication Bypass Vulnerability in Communication Function of Series Omron Corporation",
        "trust": 0.8,
        "url": "https://www.fa.omron.co.jp/product/vulnerability/OMSR-2022-001_ja.pdf"
      },
      {
        "title": "Multiple Omron Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=200205"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-294",
        "trust": 1.1
      },
      {
        "problemtype": "Capture-replay authentication evasion by (CWE-294) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " debug code in active state (CWE-489) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Use hard-coded credentials (CWE-798) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://jvn.jp/en/vu/jvnvu97050784/index.html"
      },
      {
        "trust": 1.8,
        "url": "https://www.ia.omron.com/product/vulnerability/omsr-2022-001_en.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97050784/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-34151"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33208"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33971"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ncas/alerts/aa22-103a"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070405"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-33208/"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002691.html"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/294.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-33208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "date": "2022-07-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-33208"
      },
      {
        "date": "2022-11-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "date": "2022-07-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      },
      {
        "date": "2022-07-04T02:15:07.570000",
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-426449"
      },
      {
        "date": "2022-07-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-33208"
      },
      {
        "date": "2022-11-09T08:53:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      },
      {
        "date": "2022-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      },
      {
        "date": "2022-07-15T17:06:55.383000",
        "db": "NVD",
        "id": "CVE-2022-33208"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in multiple Omron products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-002691"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-355"
      }
    ],
    "trust": 0.6
  }
}

cve-2022-45793
Vulnerability from cvelistv5
Published
2024-01-10 20:49
Modified
2024-08-03 14:17
Summary
Sysmac Studio installs executables in a directory with overly permissive access rights. This can allow a locally authenticated attacker to overwrite those files, which will result in code execution with the privileges of a different user.
Impacted products
Vendor Product Version
Omron Sysmac Studio Version: 0   <= 1.54.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:17:04.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows",
            "64 bit",
            "32 bit"
          ],
          "product": "Sysmac Studio",
          "vendor": "Omron",
          "versions": [
            {
              "lessThanOrEqual": "1.54.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Reid Wightman of Dragos"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
            }
          ],
          "value": "Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-558",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-558 Replace Trusted Executable"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-22T16:32:24.144Z",
        "orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
        "shortName": "Dragos"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04"
        },
        {
          "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
        },
        {
          "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Executable files writable by low-privileged users in Omron Sysmac Studio",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
    "assignerShortName": "Dragos",
    "cveId": "CVE-2022-45793",
    "datePublished": "2024-01-10T20:49:36.082Z",
    "dateReserved": "2022-11-22T17:52:43.199Z",
    "dateUpdated": "2024-08-03T14:17:04.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45792
Vulnerability from cvelistv5
Published
2024-01-22 17:46
Modified
2024-08-03 14:17
Summary
Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user.
Impacted products
Vendor Product Version
Omron Sysmac Studio Version: 0 < 1.54.0 (all versions before 1.54.0 are affected)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:17:04.101Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "x86",
            "64 bit"
          ],
          "product": "Sysmac Studio",
          "vendor": "Omron",
          "versions": [
            {
              "lessThan": "1.54.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
            }
          ],
          "value": "Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-22T17:46:36.699Z",
        "orgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
        "shortName": "Dragos"
      },
      "references": [
        {
          "url": "https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Directory Traversal in Project File Format allows overwrite (Zip Slip)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "12bdf821-1545-4a87-aac5-61670cc6fcef",
    "assignerShortName": "Dragos",
    "cveId": "CVE-2022-45792",
    "datePublished": "2024-01-22T17:46:36.699Z",
    "dateReserved": "2022-11-22T17:52:43.198Z",
    "dateUpdated": "2024-08-03T14:17:04.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}