PT-2022-3481 · Omron · Omron Machine Automation Controller Nx7 Series+2
Published: 2022-06-21 · Updated: 2022-07-15
CVE-2022-33971
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Omron Machine automation controller NX7 series versions 1.28 and earlier
Omron Machine automation controller NX1 series versions 1.48 and earlier
Omron Machine automation controller NJ series versions 1.48 and earlier
Description
The issue is an authentication bypass by capture-replay vulnerability. An adjacent attacker who analyzes the communication between the controller and the specific software used internally may be able to cause a denial-of-service (DoS) condition or execute a malicious program. A remote attacker could potentially exploit the issue to achieve similar outcomes.
Recommendations
For Omron Machine automation controller NX7 series versions 1.28 and earlier, update to a version later than 1.28 to resolve the issue.
For Omron Machine automation controller NX1 series versions 1.48 and earlier, update to a version later than 1.48 to resolve the issue.
For Omron Machine automation controller NJ series versions 1.48 and earlier, update to a version later than 1.48 to resolve the issue.
As a temporary workaround, consider restricting access to the communication between the controller and the specific software used internally to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Machine Automation Controller Nj Series
Omron Machine Automation Controller Nx1 Series
Omron Machine Automation Controller Nx7 Series