Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2022-34151

Disclosure Date: July 04, 2022
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software ‘Sysmac Studio’ all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.1 High
Impact Score:
5.9
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • omron

Products

  • na5-12w firmware,
  • na5-15w firmware,
  • na5-7w firmware,
  • na5-9w firmware,
  • nj-pa3001 firmware,
  • nj-pd3001 firmware,
  • nj101-1000 firmware,
  • nj101-1020 firmware,
  • nj101-9000 firmware,
  • nj101-9020 firmware,
  • nj301-1100 firmware,
  • nj301-1200 firmware,
  • nj501-1300 firmware,
  • nj501-1320 firmware,
  • nj501-1340 firmware,
  • nj501-140 firmware,
  • nj501-1420 firmware,
  • nj501-1500 firmware,
  • nj501-1520 firmware,
  • nj501-4300 firmware,
  • nj501-4310 firmware,
  • nj501-4320 firmware,
  • nj501-4400 firmware,
  • nj501-4500 firmware,
  • nj501-5300 firmware,
  • nj501-r300 firmware,
  • nj501-r320 firmware,
  • nj501-r400 firmware,
  • nj501-r420 firmware,
  • nj501-r500 firmware,
  • nj501-r520 firmware,
  • nx102-1000 firmware,
  • nx102-1020 firmware,
  • nx102-1100 firmware,
  • nx102-1120 firmware,
  • nx102-1200 firmware,
  • nx102-1220 firmware,
  • nx102-9020 firmware,
  • nx1p2-1040dt firmware,
  • nx1p2-1040dt1 firmware,
  • nx1p2-1140dt firmware,
  • nx1p2-1140dt1 firmware,
  • nx1p2-9024dt firmware,
  • nx1p2-9024dt1 firmware,
  • nx1w-adb21 firmware,
  • nx1w-cif01 firmware,
  • nx1w-cif11 firmware,
  • nx1w-cif12 firmware,
  • nx1w-dab21v firmware,
  • nx1w-mab221 firmware,
  • nx701-1600 firmware,
  • nx701-1620 firmware,
  • nx701-1700 firmware,
  • nx701-1720 firmware,
  • nx701-z600 firmware,
  • nx701-z700 firmware,
  • sysmac studio

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis