|
[Japanese]
|
JVNDB-2024-003242
|
OMRON NJ/NX series vulnerable to insufficient verification of data authenticity
|
|
Machine Automation Controller NJ/NX series provided by OMRON Corporation contain an issue with insufficient verification of data authenticity (CWE-345).
OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 4.8 (Medium) [Other]
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
|
|
|
OMRON Corporation
- Machine automation controller NJ series CPU Unit all versions
- Machine automation controller NX series CPU Unit all versions
|
|
|
If a user program in the affected product is altered, the product may not be able to detect the alteration.
|
|
[Use "User Program Transfer with No Restoration Information" (*1) ]
(*1) See the following manual provided by the developer for "User Program Transfer with No Restoration Information"
* NJ/NX-series CPU unit Software User's Manual (W501)
[Apply workaround]
The developer recommends users should apply the following mitigations or workaround.
* Restrict access from untrusted network devices
* Isolate the product from IT network by using firewall (such as closing unused communication ports, restricting communication hosts, etc.)
For more information, refer to the information provided by the developer .
|
|
OMRON Corporation
|
|
- Insufficient Verification of Data Authenticity(CWE-345) [Other]
|
|
- CVE-2024-33687
|
|
- JVN : JVNVU#92504444
- National Vulnerability Database (NVD) : CVE-2024-33687
|
|
- [2024/05/28]
Web page was published
- [2024/07/26]
References : Content was added
|
