CVE-2025-1384

Description

Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.

Reserved 2025-02-16 | Published 2025-07-13 | Updated 2025-07-13 | Assigner OMRON

Problem types

CWE-272 Least Privilege Violation

Product status

Default status
unknown

NJ101-[][][][] Ver.1.67.00 or lower
affected

Default status
unknown

NJ301-1[]00 Ver.1.67.00 or lower
affected

Default status
unknown

NJ501-1[]00 Ver.1.67.02 or lower
affected

Default status
unknown

NJ501-1[]20 Ver.1.68.01 or lower
affected

Default status
unknown

NJ501-1340 Ver.1.67.00 or lower
affected

Default status
unknown

NJ501-4[][][] Ver.1.67.00 or lower
affected

Default status
unknown

NJ501-5300 Ver.1.67.01 or lower
affected

Default status
unknown

NJ501-R[]00 Ver.1.67.01 or lower
affected

Default status
unknown

NJ501-R[]20 Ver.1.67.00 or lower
affected

Default status
unknown

NX102-[][][][] Ver.1.68.01 or lower
affected

Default status
unknown

NX1P2-[][][][][][] Ver.1.64.09 or lower
affected

Default status
unknown

NX1P2-[][][][][][]1 Ver.1.64.09 or lower
affected

Default status
unknown

NX502-[][][][] Ver.1.68.01 or lower
affected

Default status
unknown

NX701-[][][][] Ver.1.35.09 or lower
affected

Default status
unknown

SYSMAC-SE2[][][] all
affected

References

www.fa.omron.co.jp/...ity/assets/pdf/en/OMSR-2025-004_en.pdf

www.fa.omron.co.jp/...ity/assets/pdf/ja/OMSR-2025-004_ja.pdf

cve.org (CVE-2025-1384)

nvd.nist.gov (CVE-2025-1384)

Download JSON