CVE-2025-1384

EUVD-2025-21287 | HIGH | CVSS 3.1: 7.0
2025-07-14 bba440f9-ef23-4224-aa62-7ac0935d18d1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 16, 2026 - 09:43 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 - 09:43 (euvd), EUVD-2025-21287
CVE Published: Jul 14, 2025 - 00:15 (nvd), HIGH 7.0

Description

Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.

Analysis

CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS 3.1 score of 7.0 sits at the bottom of the High band, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.

Technical Context

The vulnerability exists in the proprietary communication protocol used between Omron's Sysmac Studio development environment and NJ/NX-series Programmable Logic Controllers (PLCs). These controllers are core components in industrial automation, handling process control, safety logic, and machine coordination. The root cause is classified as CWE-272 (Least Privilege Violation), indicating that the communication function fails to properly validate privilege levels or enforce least-privilege principles when processing commands from remote clients. This likely manifests as insufficient authentication/authorization checks in the network protocol handler, allowing an unauthenticated remote attacker to send specially crafted packets that bypass privilege restrictions and execute code with controller-level permissions. The protocol likely operates over TCP/IP, making it accessible from networked positions without requiring physical access or local credentials.

Affected Products

Omron NJ-series Machine Automation Controllers (specific versions not detailed in provided description, but typically includes NJ301, NJ501, NJ601 variants and their sub-models).

Omron NX-series Machine Automation Controllers (NX-series successor platform).

Sysmac Studio software (development/configuration tool) - all versions supporting communication with affected controllers.

Affected CPE would align with:
cpe:2.3:a:omron:sysmac_studio:*:*:*:*:*:*:*:* (software)
cpe:2.3:h:omron:nj_series:*:*:*:*:*:*:*:* (hardware)
cpe:2.3:h:omron:nx_series:*:*:*:*:*:*:*:* (hardware)

Consult official Omron security advisory (referenced vendor bulletin) for precise affected firmware/software versions and any patched versions. Geographic and vertical deployment is broad - automotive, semiconductor manufacturing, packaging, pharmaceutical, and general discrete/process manufacturing sectors worldwide.

Remediation

Primary remediation: Apply manufacturer security patches to Sysmac Studio and controller firmware as released by Omron in their official security advisory.

Interim mitigations (if patches are unavailable or cannot be deployed):
(1) Network segmentation - isolate NJ/NX controllers and Sysmac Studio systems on a restricted VLAN/subnet with strict ingress/egress filtering;
(2) Access control lists (ACLs) - restrict network access to Sysmac Studio communication ports (proprietary, likely TCP-based) to only authorized engineering workstations;
(3) Disable remote programming - if operationally feasible, disable remote communication capabilities on controllers and require on-site engineering access;
(4) Intrusion detection - implement network monitoring for anomalous communication patterns to/from controllers;
(5) Upgrade timeline - prioritize patching for controllers in public-facing or less-protected network segments before those in deeper OT networks.

Patch availability status and specific version numbers must be obtained from the official Omron security advisory/bulletin (not provided in this CVE data summary). Coordinate patching with plant maintenance windows to minimize production disruption.
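Mitigations (2) and (4) can be checked against recorded network flows. The following is an added example, not part of the advisory or of any Omron tooling: it flags connections to the controller subnet on the engineering port from any host that is not an authorized engineering workstation. The subnets, workstation addresses, port number and flow-record format are all constructed placeholders.

```python
import ipaddress

# Every address and port here is a constructed placeholder, not a value from the advisory.
CONTROLLER_NET = ipaddress.ip_network("10.20.30.0/24")   # VLAN holding the NJ/NX controllers
SITE_NET = ipaddress.ip_network("10.20.0.0/16")          # whole plant network
ENGINEERING_HOSTS = {ipaddress.ip_address(a) for a in ("10.20.40.11", "10.20.40.12")}
ENGINEERING_PORT = 49999   # placeholder: use the port Omron documents for Sysmac Studio

# Constructed flow records: timestamp, source, destination, protocol, destination port.
SAMPLE_FLOWS = """\
2025-07-15T08:01:02Z 10.20.40.11 10.20.30.5 tcp 49999
2025-07-15T08:03:40Z 10.20.40.12 10.20.30.6 tcp 49999
2025-07-15T09:12:10Z 10.20.50.77 10.20.30.5 tcp 49999
2025-07-15T09:12:11Z 10.20.50.77 10.20.30.6 tcp 49999
2025-07-15T09:30:00Z 192.0.2.44 10.20.30.5 tcp 49999
2025-07-15T10:00:00Z 10.20.40.11 10.20.30.5 tcp 443
malformed line
"""

def parse_flow(line):
    """Return (ts, src, dst, proto, dport), or None if the record is unusable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                parts[3].lower(), int(parts[4]))
    except ValueError:
        return None

def audit(text):
    """List engineering-port flows to controllers from hosts outside the allowlist."""
    violations, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            skipped += 1          # count unparsable records instead of hiding them
            continue
        ts, src, dst, proto, dport = flow
        if dst not in CONTROLLER_NET or proto != "tcp" or dport != ENGINEERING_PORT:
            continue              # not engineering traffic to a controller
        if src not in ENGINEERING_HOSTS:
            reason = "unlisted-internal" if src in SITE_NET else "outside-site"
            violations.append((ts, str(src), str(dst), reason))
    return violations, skipped

if __name__ == "__main__":
    found, bad = audit(SAMPLE_FLOWS)
    for v in found:
        print(*v)
    print(f"{bad} record(s) skipped")
```

Any hit means the ACL from mitigation (2) is missing or not enforced on that path; "outside-site" hits indicate the controller segment is reachable from beyond the plant network.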

Priority Score

35
KEV: 0
EPSS: +0.0
CVSS: +35
POC: 0
