PT-2022-3476 · Omron · Nx1 Series +4

Published: 2022-06-21 · Updated: 2023-09-21 · CVE-2022-34151

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Machine automation controller NJ series versions 1.48 and earlier
Machine automation controller NX7 series versions 1.28 and earlier
Machine automation controller NX1 series versions 1.48 and earlier
Automation software 'Sysmac Studio' versions 1.49 and earlier
Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime versions 1.15 and earlier

Description

A use of hard-coded credentials vulnerability exists in the affected products, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. This issue is related to the communication functions between the machine automation controller, automation software, and programmable terminal.

Recommendations

For Machine automation controller NJ series versions 1.48 and earlier, update to a version later than 1.48 to resolve the issue.
For Machine automation controller NX7 series versions 1.28 and earlier, update to a version later than 1.28 to resolve the issue.
For Machine automation controller NX1 series versions 1.48 and earlier, update to a version later than 1.48 to resolve the issue.
For Automation software 'Sysmac Studio' versions 1.49 and earlier, update to a version later than 1.49 to resolve the issue.
For Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime versions 1.15 and earlier, update to a version later than 1.15 to resolve the issue.

As a temporary workaround, consider restricting access to the affected products until a patch is available.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-04255
CVE-2022-34151

Affected Products

Na Series
Nj Series
Nx1 Series
Nx7 Series
Sysmac Studio