CVE-2025-1384
Published: Jul 13, 2025
Modified: Jul 14, 2025
CVSS v3.1
7.0
Description
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.
| Vendor | Product | Versions |
|---|---|---|
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ101-[][][][] Ver.1.67.00 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ301-1[]00 Ver.1.67.00 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-1[]00 Ver.1.67.02 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-1[]20 Ver.1.68.01 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-1340 Ver.1.67.00 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-4[][][] Ver.1.67.00 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-5300 Ver.1.67.01 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-R[]00 Ver.1.67.01 or lower |
OMRON Corporation | Machine Automation Controller NJ-series | affected NJ501-R[]20 Ver.1.67.00 or lower |
OMRON Corporation | Machine Automation Controller NX-series | affected NX102-[][][][] Ver.1.68.01 or lower |
OMRON Corporation | Machine Automation Controller NX-series | affected NX1P2-[][][][][][] Ver.1.64.09 or lower |
OMRON Corporation | Machine Automation Controller NX-series | affected NX1P2-[][][][][][]1 Ver.1.64.09 or lower |
OMRON Corporation | Machine Automation Controller NX-series | affected NX502-[][][][] Ver.1.68.01 or lower |
OMRON Corporation | Machine Automation Controller NX-series | affected NX701-[][][][] Ver.1.35.09 or lower |
OMRON Corporation | Sysmac Studio Software | affected SYSMAC-SE2[][][] all |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now