Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Lifecycle Timeline
3DescriptionCVE.org
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.
AnalysisAI
CVE-2025-1384 is a least privilege violation (CWE-272) in the communication protocol between Omron NJ/NX-series Machine Automation Controllers and Sysmac Studio software that allows unauthenticated remote attackers to execute arbitrary code on affected controllers. The vulnerability affects industrial automation environments and enables complete compromise of controller functionality through unauthorized remote code execution. While the CVSS score of 7.0 indicates moderate-to-high severity, the network-accessible attack vector and lack of required privileges make this a significant threat to operational technology (OT) environments, particularly in manufacturing and critical infrastructure sectors.
Technical ContextAI
The vulnerability exists in the proprietary communication protocol used between Omron's Sysmac Studio development environment and NJ/NX-series Programmable Logic Controllers (PLCs). These controllers are core components in industrial automation, handling process control, safety logic, and machine coordination. The root cause is classified as CWE-272 (Improper Privilege Management), indicating that the communication function fails to properly validate privilege levels or enforce least-privilege principles when processing commands from remote clients. This likely manifests as insufficient authentication/authorization checks in the network protocol handler, allowing an unauthenticated remote attacker to send specially crafted packets that bypass privilege restrictions and execute code with controller-level permissions. The protocol likely operates over TCP/IP, making it accessible from networked positions without requiring physical access or local credentials.
RemediationAI
Primary remediation: Apply manufacturer security patches to Sysmac Studio and controller firmware as released by Omron in their official security advisory. Interim mitigations (if patches unavailable or cannot be deployed): (1) Network segmentation - isolate NJ/NX controllers and Sysmac Studio systems on restricted VLAN/subnet with strict ingress/egress filtering; (2) Access control lists (ACLs) - restrict network access to Sysmac Studio communication ports (proprietary, likely TCP-based) to only authorized engineering workstations; (3) Disable remote programming - if operationally feasible, disable remote communication capabilities on controllers and require on-site engineering access; (4) Intrusion detection - implement network monitoring for anomalous communication patterns to/from controllers; (5) Upgrade timeline - prioritize patching for controllers in public-facing or less-protected network segments before those in deeper OT networks. Patch availability status and specific version numbers must be obtained from the official Omron security advisory/bulletin (not provided in this CVE data summary). Coordinate patching with plant maintenance windows to minimize production disruption.
Remote code execution in Windows Shell across XP through Windows 7 via malicious .LNK or .PIF shortcut files automatical
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via craf
AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and earlier does not properly handle IOCP RPC messages r
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device
Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed
Unspecified vulnerability in the command-line management interface on Siemens Scalance W7xx devices with firmware before
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WI
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) befor
Same weakness CWE-272 – Least Privilege Violation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-21287