PT-2022-3479 · Omron · NX1 Series +4

Published: 2022-06-21 · Updated: 2022-07-15 · CVE-2022-33208

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Machine automation controller NJ series versions 1.48 and earlier
Machine automation controller NX7 series versions 1.28 and earlier
Machine automation controller NX1 series versions 1.48 and earlier
Automation software 'Sysmac Studio' versions 1.49 and earlier
Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime versions 1.15 and earlier

Description

An authentication bypass by capture-replay vulnerability exists, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. This issue is related to the communication functions between the machine automation controller, automation software 'Sysmac Studio', and programmable terminal 'NA', and it allows an attacker to bypass the authentication procedure.

Recommendations

For Machine automation controller NJ series versions 1.48 and earlier, update to a version later than 1.48.
For Machine automation controller NX7 series versions 1.28 and earlier, update to a version later than 1.28.
For Machine automation controller NX1 series versions 1.48 and earlier, update to a version later than 1.48.
For Automation software 'Sysmac Studio' versions 1.49 and earlier, update to a version later than 1.49.
For Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime versions 1.15 and earlier, update to a version later than 1.15.

As a temporary workaround, consider restricting access to the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2022-04258
CVE-2022-33208

Affected Products

NA Series
NJ Series
NX1 Series
NX7 Series
Sysmac Studio