Please check the security guidelines and take measures based on the vulnerability advisories.
| Dispatch date of Information | No | Affected Products | Omron Advisory | Remarks |
|---|---|---|---|---|
| 3rd Party Advisory | ||||
Release date: |
OMSR-2025-004 | Machine Automation Controller NJ-series Machine Automation Controller NX-series Sysmac Studio |
Least Privilege Violation Vulnerability in the communications functions of NJ/NX-series Machine Automation Controllers | |
Last modified: Release date: |
OMSR-2025-001 | Machine Automation Controller NJ-series Machine Automation Controller NX-series |
Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers | <May 7, 2025> Added date of availability of countermeasures Added lot number information |
| JVNVU#96335720 | ||||
Last modified: Release date: |
OMSR-2024-003 | CX-Programmer | Out-of-bounds Read vulnerability in CX-Programmer | <May 7, 2025> Update the Description |
| JVNVU98274902 | ||||
Last modified: Release date: |
OMSR-2025-003 | CX-Programmer | Out-of-bounds Read vulnerability in CX-Programmer | <March 10, 2025> Update the Description |
| JVNVU92320053 | ||||
Release date: |
OMSR-2025-002 | NB-Designer | Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer | |
| JVNVU#98734299 | ||||
Release date: |
OMSR-2024-007 | Programmable Controllers CS/CJ-series EtherNet/IP Unit | Multiple vulnerabilities caused by OpenSSL in CS/CJ-series Programmable Controllers EtherNet/IP Unit | |
Release date: |
OMSR-2024-006 | Sysmac Studio | Incorrect Authorization (CWE-863) vulnerability in Sysmac Studio Software | |
| JVNVU#95685374 | ||||
Release date: |
OMSR-2024-005 | Machine Automation Controller NJ-series Machine Automation Controller NX-series |
Multiple vulnerabilities caused by OpenSSL in NJ/NX-series Machine Automation Controllers | |
Release date: |
OMSR-2024-004 | Machine Automation Controller NJ-series Machine Automation Controller NX-series |
Insufficient Verification of Data Authenticity vulnerability in the NJ/NX-series Machine Automation Controllers | |
| JVNVU#92504444 | ||||
Last modified: Release date: |
OMSR-2024-001 | Machine Automation Controller NJ-series Machine Automation Controller NX-series |
Path Traversal vulnerability in NJ/NX-series Machine Automation Controllers | <May 27, 2024> Added date of availability of countermeasures Added lot number information |
| JVNVU#95852116 | ||||
Release date: |
OMSR-2024-002 | CX-One Sysmac Studio |
Free of Pointer not at Start of Buffer vulnerability in Common Modules of Sysmac Studio and CX-One | |
| JVNVU98274902 | ||||
Last modified: Release date: |
OMSR-2023-010 | Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series |
Improper Control of Interaction Frequency in FINS protocol between the CS/CJ/CP-series Programable Controllers | <November 13, 2023> Corrected method of obtaining countermeasure products. |
| ICSA-23-262-05 | ||||
Last modified: Release date: |
OMSR-2023-006 |
Programmable Controller CJ2M CPU Unit Programmable Controller CJ2H CPU Unit Programmable Controller CS/CJ Series EtherNet/IP™ Unit |
Vulnerability that could cause a Denial of Service (DoS) state in the built-in EtherNet/IP™ port of the CJ Series CJ2 CPU unit and the CS/CJ series EtherNet/IP™ unit | <November 13, 2023> Corrected method of obtaining countermeasure products. <September 19, 2023> Corrected countermeasure version release date |
| JVNVU#92193064 | ||||
Release date: |
OMSR-2023-011 | CX-Designer | Vulnerability Report on Improper Restriction of XML External Entity Reference in CX-Designer | |
| JVNVU#98683567 | ||||
Release date: |
OMSR-2023-009 | Automation Software Sysmac Studio | Improper Authorization Vulnerability in Automation Software Sysmac Studio | |
| ICSA-23-262-04 | ||||
Release date: |
OMSR-2023-008 | Automation Software Sysmac Studio NX-IO Configurator |
Path Traversal Vulnerability in Automation Software Sysmac Studio and NX-IO Configurator | |
| ICSA-23-262-03 | ||||
Last modified: Release date: |
OMSR-2023-003 |
Programmable Controller CS-series CPU Units Programmable Controller CJ-series CPU Units Programmable Controller CP-series CPU Units Machine Automation Controller NJ-series CPU Units Machine Automation Controller NX1P-series CPU Units Machine Automation Controller NX102-series CPU Units Machine Automation Controller NX7 Database Connection |
About Known Issues in the FINS Protocol Implemented in Omron Products | <September 19, 2023> Clerical corrections on Main products affected |
| JVNTA#91513661 | ||||
Release date: |
OMSR-2023-007 | MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A | NicheStack TCP/IP stack Vulnerabilities on EtherNet/IP™ option board for Multi-function Compact Inverter 3G3MX2 | |
| ICSA-21-217-01 | ||||
Release date: |
OMSR-2023-005 | CX-Programmer | Out-of-bounds Read, Use After Free and Heap-based Buffer Overflow Vulnerabilities in CX-Programmer | |
| JVNVU#93286117 | ||||
Last modified:August 1, 2023 Release date: |
OMSR-2023-004 | Support tool CX-Drive for inverter/servo | Support tool CX-Drive for inverter/servo heap-based buffer overflow vulnerability | |
| JVNVU#97372625 | ||||
Release date: |
OMSR-2023-002 |
Programmable Controller CJ-series Programmable Controller CS-series |
Missing Authentication Vulnerabilities related to file system of CS/CJ-series Programmable Controllers | |
| ICSA-23-108-01 | ||||
Release date: |
OMSR-2023-001 |
Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series |
Vulnerabilities related to bypass of user memory protection function of CS/CJ/CP-series Programmable Controllers | |
| ICSA-23-073-01 | ||||
Last modified:October 11, 2022 Release date: |
OMSR-2022-001 |
Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series Automation Software Sysmac Studio Programable Terminal NA-series |
Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers | |
| ICSA-22-314-08 | ||||
Last modified:October 11, 2022 Release date: |
OMSR-2022-002 |
Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series |
Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers | |
| ICSA-22-314-07 |