CVSS: 10.0EPSS: 2%CPEs: 634EXPL: 0CVE-2023-27396
https://notcve.org/view.php?id=CVE-2023-27396
19 Jun 2023 — FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the sys... • https://jvn.jp/en/ta/JVNTA91513661 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2022-31206
https://notcve.org/view.php?id=CVE-2022-31206
26 Jul 2022 — The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically aut... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-179-02 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.1EPSS: 1%CPEs: 113EXPL: 0CVE-2022-34151
https://notcve.org/view.php?id=CVE-2022-34151
04 Jul 2022 — Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user crede... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 104EXPL: 0CVE-2022-33971
https://notcve.org/view.php?id=CVE-2022-33971
04 Jul 2022 — Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. Se presen... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 8.1EPSS: 0%CPEs: 113EXPL: 0CVE-2022-33208
https://notcve.org/view.php?id=CVE-2022-33208
04 Jul 2022 — Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communicat... • https://jvn.jp/en/vu/JVNVU97050784/index.html • CWE-294: Authentication Bypass by Capture-replay •