8.1
CWE
294
Advisory Published
Updated

CVE-2022-33208

First published: Mon Jul 04 2022(Updated: )

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Omron NX701-1600<=1.28
Omron NX701-1600
Omron Nx701-1700<=1.28
Omron NX701-1700 Firmware
Omron Nx701-Z700<=1.28
Omron NX701-Z700
Omron NX701-Z600 Firmware<=1.28
Omron Nx701-z600 Firmware
Omron NX701-1720 Firmware<=1.28
Omron NX701-1720 Firmware
Omron Nx701-1620 Firmware<=1.28
Omron Nx701-1620 Firmware
Omron NX102 Firmware<=1.48
Omron Nx102-1200 Firmware
Omron Nx102-1100<=1.48
Omron NX102 Firmware
Omron NX102 Firmware<=1.48
Omron NX102
Omron NX102 Firmware<=1.48
Omron Nx102-1220 Firmware
Omron Nx102-1120<=1.48
Omron NX102-1120 Firmware
Omron NX102 Firmware<=1.48
Omron NX102 Firmware
Omron NX102 Firmware<=1.48
Omron Nx102-9020 Firmware
Omron Nx1p2-1140dt1 Firmware<=1.48
Omron Nx1P2-1140DT1
Omron Nx1P2-1140DT1<=1.48
Omron Nx1p2-1140dt1 Firmware
Omron NX1P2-1040DT1 Firmware<=1.48
Omron Nx1p2-1040dt Firmware
Omron NX1P2-1040DT1 Firmware<=1.48
Omron NX1P2-1040DT1 Firmware
Omron NX1P2-9024DT1 Firmware<=1.48
Omron Nx1p2-9024dt1 Firmware
Omron NX1P2-9024DT1<=1.48
Omron NX1P2-9024DT1 Firmware
Omron NX1W-CIF01<=1.48
Omron NX1W-CIF01 Firmware
Omron Nx1w-cif11<=1.48
Omron NX1W-CIF11
Omron NX1W-CIF12<=1.48
Omron NX1W-CIF12 Firmware
Omron NX1W-ADB21<=1.48
Omron NX1W-ADB21
Omron NX1W-DAB21V<=1.48
Omron NX1W-DAB21V
Omron NX1W-MAB221<=1.48
Omron NX1W-MAB221
Omron NJ501-1500 Firmware<=1.48
Omron Nj501-1500 Firmware
Omron NJ501-140 Firmware<=1.48
Omron NJ501-140 Firmware
Omron NJ501-1300 Firmware<=1.48
Omron NJ501-1300 Firmware
Omron NJ501-R500 Firmware<=1.48
Omron NJ501-R500 Firmware
Omron NJ501-R520<=1.48
Omron NJ501-R520 Firmware
Omron NJ501-R400 Firmware<=1.48
Omron Nj501-r400 Firmware
Omron NJ501-R420 Firmware<=1.48
Omron NJ501-R420 Firmware
Omron NJ501-R300 Firmware<=1.48
Omron NJ501-R300 Firmware
Omron NJ501-R320 Firmware<=1.48
Omron Nj501-R320 Firmware
Omron Nj501-5300-1 Firmware<=1.48
Omron NJ501-5300 Firmware
Omron NJ501-1520 Firmware<=1.48
Omron Nj501-1520 Firmware
Omron NJ501-1420 Firmware<=1.48
Omron NJ501-1420 Firmware
Omron NJ501-1320<=1.48
Omron NJ501-1320
Omron NJ101-1020 Firmware<=1.48
Omron NJ101-1020 Firmware
Omron PLC NJ Firmware<=1.48
Omron NJ101-9020
Omron NJ501-1340 Firmware<=1.48
Omron Nj501-1340 Firmware
Omron NJ501-4500 Firmware<=1.48
Omron NJ501-4500 Firmware
Omron Nj501-4400 Firmware<=1.48
Omron Nj501-4400 Firmware
Omron NJ501-4300 Firmware<=1.48
Omron NJ501-4300 Firmware
Omron NJ501-4310 Firmware<=1.48
Omron NJ501-4310 Firmware
Omron NJ501-4320 Firmware<=1.48
Omron NJ501-4320 Firmware
Omron NJ301-1200<1.48
Omron NJ301-1200 Firmware
Omron NJ301-1100 Firmware<=1.48
Omron NJ301-1100 Firmware
Omron NJ101-1000 Firmware<=1.48
Omron Nj101-1000 Firmware
Omron NJ101-9000<=1.48
Omron NJ101-9000
Omron NJ-PA3001 Firmware<=1.48
Omron NJ-PA3001 Firmware
Omron NJ-PD3001<=1.48
Omron Nj-pa3001 Firmware
Omron Automation Software Sysmac Studio<=1.49
Omron Na5-15w<=1.15
Omron NA5-15W
Omron Na5-12w<=1.15
Omron Na5-12w Firmware
Omron Na5-9w<=1.15
Omron Na5-9w Firmware
Omron NA5-7W Firmware<=1.15
Omron NA5-7W Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What systems are affected by CVE-2022-33208?

    CVE-2022-33208 affects various Omron Machine automation controllers including NJ series, NX7 series, NX1 series, and several firmware versions up to 1.48 and 1.28.

  • What is the nature of the vulnerability in CVE-2022-33208?

    CVE-2022-33208 is an authentication bypass vulnerability that allows capture-replay attacks.

  • How can CVE-2022-33208 be mitigated or fixed?

    To fix CVE-2022-33208, you should upgrade impacted devices to the latest firmware versions that address this vulnerability.

  • What is the risk associated with CVE-2022-33208?

    The risk associated with CVE-2022-33208 includes unauthorized access to affected systems, which can lead to potential misuse of automation tasks.

  • Is there a security advisory available for CVE-2022-33208?

    Yes, a security advisory regarding CVE-2022-33208 is available from Omron detailing the affected products and recommended actions.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203