Nx701 1600 Firmware
CVE-2022-33971
HIGH
Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.
AnalysisAI
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-294. Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. Affected products include: Omron Nx701-1600 Firmware, Omron Nx701-1700 Firmware, Omron Nx701-Z700 Firmware, Omron Nx701-Z600 Firmware, Omron Nx701-1720 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Nx701 1600 Firmware
View allThe Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryp
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earl
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.4
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit al
Same weakness CWE-294 – Authentication Bypass by Capture-replay
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today