Please check the security guidelines and take measures based on the vulnerability advisories.

Latest Vulnerability Information
Dispatch date of Information No Affected Products Omron Advisory Remarks
3rd Party Advisory

Release date:
July 14, 2025

OMSR-2025-004 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Sysmac Studio
Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers

Last modified:
May 7, 2025

Release date:
January 14, 2025

OMSR-2025-001 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers <May 7, 2025>
Added date of availability of countermeasures
Added lot number information
JVNVU#96335720

Last modified:
May 7, 2025

Release date:
April 22, 2024

OMSR-2024-003 CX-Programmer Out-of-bounds Read vulnerability in CX-Programmer <May 7, 2025>
Update the Description
JVNVU98274902

Last modified:
March 10, 2025

Release date:
February 17, 2025

OMSR-2025-003 CX-Programmer Out-of-bounds Read vulnerability in CX-Programmer <March 10, 2025>
Update the Description
JVNVU92320053

Release date:
January 14, 2025

OMSR-2025-002 NB-Designer Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer
JVNVU#98734299

Release date:
November 1, 2024

OMSR-2024-007 Programmable Controllers CS/CJ-series EtherNet/IP Unit Multiple vulnerabilities caused by OpenSSL in CS/CJ-series Programmable Controllers EtherNet/IP Unit

Release date:
November 1, 2024

OMSR-2024-006 Sysmac Studio Incorrect Authorization (CWE-863) vulnerability in Sysmac Studio Software
JVNVU#95685374

Release date:
May 27, 2024

OMSR-2024-005 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Multiple vulnerabilities caused by OpenSSL in NJ/NX-series Machine Automation Controllers

Release date:
May 27, 2024

OMSR-2024-004 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Insufficient Verification of Data Authenticity vulnerability in the NJ/NX-series Machine Automation Controllers
JVNVU#92504444

Last modified:
May 27, 2024

Release date:
March 7, 2024

OMSR-2024-001 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Path Traversal vulnerability in NJ/NX-series Machine Automation Controllers <May 27, 2024>
Added date of availability of countermeasures
Added lot number information
JVNVU#95852116

Release date:
April 22, 2024

OMSR-2024-002 CX-One
Sysmac Studio
Free of Pointer not at Start of Buffer vulnerability in Common Modules of Sysmac Studio and CX-One
JVNVU98274902

Last modified:
November 13, 2023

Release date:
September 19, 2023

OMSR-2023-010 Programmable Controller CJ-series
Programmable Controller CS-series
Programmable Controller CP-series
Improper Control of Interaction Frequency in FINS protocol between the CS/CJ/CP-series Programable Controllers <November 13, 2023>
Corrected method of obtaining countermeasure products.
ICSA-23-262-05

Last modified:
November 13, 2023

Release date:
August 1, 2023

OMSR-2023-006 Programmable Controller CJ2M CPU Unit
Programmable Controller CJ2H CPU Unit
Programmable Controller CS/CJ Series EtherNet/IP™ Unit
Vulnerability that could cause a Denial of Service (DoS) state in the built-in EtherNet/IP™ port of the CJ Series CJ2 CPU unit and the CS/CJ series EtherNet/IP™ unit <November 13, 2023>
Corrected method of obtaining countermeasure products.
<September 19, 2023>
Corrected countermeasure version release date
JVNVU#92193064

Release date:
October 23, 2023

OMSR-2023-011 CX-Designer Vulnerability Report on Improper Restriction of XML External Entity Reference in CX-Designer
JVNVU#98683567

Release date:
September 19, 2023

OMSR-2023-009 Automation Software Sysmac Studio Improper Authorization Vulnerability in Automation Software Sysmac Studio
ICSA-23-262-04

Release date:
September 19, 2023

OMSR-2023-008 Automation Software Sysmac Studio
NX-IO Configurator
Path Traversal Vulnerability in Automation Software Sysmac Studio and NX-IO Configurator
ICSA-23-262-03

Last modified:
September 19, 2023

Release date:
April 17, 2023

OMSR-2023-003 Programmable Controller CS-series CPU Units
Programmable Controller CJ-series CPU Units
Programmable Controller CP-series CPU Units
Machine Automation Controller NJ-series CPU Units
Machine Automation Controller NX1P-series CPU Units
Machine Automation Controller NX102-series CPU Units
Machine Automation Controller NX7 Database Connection
About Known Issues in the FINS Protocol Implemented in Omron Products <September 19, 2023>
Clerical corrections on Main products affected
JVNTA#91513661

Release date:
August 1, 2023

OMSR-2023-007 MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A NicheStack TCP/IP stack Vulnerabilities on EtherNet/IP™ option board for Multi-function Compact Inverter 3G3MX2
ICSA-21-217-01

Release date:
August 1, 2023

OMSR-2023-005 CX-Programmer Out-of-bounds Read, Use After Free and Heap-based Buffer Overflow Vulnerabilities in CX-Programmer
JVNVU#93286117

Last modified:August 1, 2023

Release date:
April 24, 2023

OMSR-2023-004 Support tool CX-Drive for inverter/servo Support tool CX-Drive for inverter/servo heap-based buffer overflow vulnerability
JVNVU#97372625

Release date:
April 17, 2023

OMSR-2023-002 Programmable Controller CJ-series
Programmable Controller CS-series
Missing Authentication Vulnerabilities related to file system of CS/CJ-series Programmable Controllers
ICSA-23-108-01

Release date:
March 13, 2023

OMSR-2023-001 Programmable Controller CJ-series
Programmable Controller CS-series
Programmable Controller CP-series
Vulnerabilities related to bypass of user memory protection function of CS/CJ/CP-series Programmable Controllers
ICSA-23-073-01

Last modified:October 11, 2022

Release date:
July 1, 2022

OMSR-2022-001 Machine Automation Controller NX7-series
Machine Automation Controller NX1-series
Machine Automation Controller NJ-series
Automation Software Sysmac Studio
Programable Terminal NA-series
Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers
ICSA-22-314-08

Last modified:October 11, 2022

Release date:
July 1, 2022

OMSR-2022-002 Machine Automation Controller NX7-series
Machine Automation Controller NX1-series
Machine Automation Controller NJ-series
Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers
ICSA-22-314-07