| Dispatch date of Information | Affected Products | Omron Advisory | Remarks |
|---|---|---|---|
| 3rd Party Advisory | |||
Last modified: Release date: |
Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series |
Improper Control of Interaction Frequency in FINS protocol between the CS/CJ/CP-series Programable Controllers | <November 13, 2023> Corrected method of obtaining countermeasure products. |
| ICSA-23-262-05 | |||
Last modified: Release date: |
Programmable Controller CJ2M CPU Unit Programmable Controller CJ2H CPU Unit Programmable Controller CS/CJ Series EtherNet/IP™ Unit |
Vulnerability that could cause a Denial of Service (DoS) state in the built-in EtherNet/IP™ port of the CJ Series CJ2 CPU unit and the CS/CJ series EtherNet/IP™ unit | <November 13, 2023> Corrected method of obtaining countermeasure products. <September 19, 2023> Corrected countermeasure version release date |
| JVNVU#92193064 | |||
Release date: |
CX-Designer | Vulnerability Report on Improper Restriction of XML External Entity Reference in CX-Designer | |
| JVNVU#98683567 | |||
Release date: |
Automation Software Sysmac Studio | Improper Authorization Vulnerability in Automation Software Sysmac Studio | |
| ICSA-23-262-04 | |||
Release date: |
Automation Software Sysmac Studio NX-IO Configurator |
Pass Traversal Vulnerability in Automation Software Sysmac Studio and NX-IO Configurator | |
| ICSA-23-262-03 | |||
Last modified: Release date: |
Programmable Controller CS-series CPU Units Programmable Controller CJ-series CPU Units Programmable Controller CP-series CPU Units Machine Automation Controller NJ-series CPU Units Machine Automation Controller NX1P-series CPU Units Machine Automation Controller NX102-series CPU Units Machine Automation Controller NX7 Database Connection |
About Known Issues in the FINS Protocol Implemented in Omron Products | <September 19, 2023> Clerical corrections on Main products affected |
| JVNTA#91513661 | |||
Release date: |
MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A | NicheStack TCP/IP stack Vulnerabilities on EtherNet/IP™ option board for Multi-function Compact Inverter 3G3MX2 | |
| ICSA-21-217-01 | |||
Release date: |
CX-Programmer | Out-of-bounds Read, Use After Free and Heap-based Buffer Overflow Vulnerabilities in CX-Programmer | |
| JVNVU#93286117 | |||
Last modified:August 1, 2023 Release date: |
Support tool CX-Drive for inverter/servo | Support tool CX-Drive for inverter/servo heap-based buffer overflow vulnerability | |
| JVNVU#97372625 | |||
Release date: |
Programmable Controller CJ-series Programmable Controller CS-series |
Missing Authentication Vulnerabilities related to file system of CS/CJ-series Programmable Controllers | |
| ICSA-23-108-01 | |||
Release date: |
Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series |
Vulnerabilities related to bypass of user memory protection function of CS/CJ/CP-series Programmable Controllers | |
| ICSA-23-073-01 | |||
Last modified:October 11, 2022 Release date: |
Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series Automation Software Sysmac Studio Programable Terminal NA-series |
Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers | |
| ICSA-22-314-08 | |||
Last modified:October 11, 2022 Release date: |
Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series |
Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers | |
| ICSA-22-314-07 |