Vulnerability Advisories | オムロン制御機器

Dispatch date of Information	No	Affected Products	Omron Advisory	Remarks
Dispatch date of Information	No	Affected Products	3rd Party Advisory	Remarks
Release date: May 27, 2024	OMSR-2024-005	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Multiple vulnerabilities caused by OpenSSL in NJ/NX-series Machine Automation Controllers
Release date: May 27, 2024	OMSR-2024-005
Release date: May 27, 2024	OMSR-2024-004	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Insufficient Verification of Data Authenticity vulnerability in the NJ/NX-series Machine Automation Controllers
Release date: May 27, 2024	OMSR-2024-004
Last modified: May 27, 2024 Release date: March 7, 2024	OMSR-2024-001	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Path Traversal vulnerability in NJ/NX-series Machine Automation Controllers	<May 27, 2024> Added date of availability of countermeasures Added lot number information
Last modified: May 27, 2024 Release date: March 7, 2024	OMSR-2024-001		JVNVU#95852116
Release date: April 22, 2024	OMSR-2024-003	CX-Programmer	Out-of-bounds Read vulnerability in CX-Programmer
Release date: April 22, 2024	OMSR-2024-003	CX-Programmer	JVNVU98274902
Release date: April 22, 2024	OMSR-2024-002	CX-One Sysmac Studio	Free of Pointer not at Start of Buffer vulnerability in Common Modules of Sysmac Studio and CX-One
Release date: April 22, 2024	OMSR-2024-002	CX-One Sysmac Studio	JVNVU98274902
Last modified: November 13, 2023 Release date: September 19, 2023	OMSR-2023-010	Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series	Improper Control of Interaction Frequency in FINS protocol between the CS/CJ/CP-series Programable Controllers	<November 13, 2023> Corrected method of obtaining countermeasure products.
	OMSR-2023-010		ICSA-23-262-05
Last modified: November 13, 2023 Release date: August 1, 2023	OMSR-2023-006	Programmable Controller CJ2M CPU Unit Programmable Controller CJ2H CPU Unit Programmable Controller CS/CJ Series EtherNet/IP™ Unit	Vulnerability that could cause a Denial of Service (DoS) state in the built-in EtherNet/IP™ port of the CJ Series CJ2 CPU unit and the CS/CJ series EtherNet/IP™ unit	<November 13, 2023> Corrected method of obtaining countermeasure products. <September 19, 2023> Corrected countermeasure version release date
	OMSR-2023-006		JVNVU#92193064
Release date: October 23, 2023	OMSR-2023-011	CX-Designer	Vulnerability Report on Improper Restriction of XML External Entity Reference in CX-Designer
Release date: October 23, 2023	OMSR-2023-011	CX-Designer	JVNVU#98683567
Release date: September 19, 2023	OMSR-2023-009	Automation Software Sysmac Studio	Improper Authorization Vulnerability in Automation Software Sysmac Studio
Release date: September 19, 2023	OMSR-2023-009	Automation Software Sysmac Studio	ICSA-23-262-04
Release date: September 19, 2023	OMSR-2023-008	Automation Software Sysmac Studio NX-IO Configurator	Path Traversal Vulnerability in Automation Software Sysmac Studio and NX-IO Configurator
Release date: September 19, 2023	OMSR-2023-008	Automation Software Sysmac Studio NX-IO Configurator	ICSA-23-262-03
Last modified: September 19, 2023 Release date: April 17, 2023	OMSR-2023-003	Programmable Controller CS-series CPU Units Programmable Controller CJ-series CPU Units Programmable Controller CP-series CPU Units Machine Automation Controller NJ-series CPU Units Machine Automation Controller NX1P-series CPU Units Machine Automation Controller NX102-series CPU Units Machine Automation Controller NX7 Database Connection	About Known Issues in the FINS Protocol Implemented in Omron Products	<September 19, 2023> Clerical corrections on Main products affected
	OMSR-2023-003		JVNTA#91513661
Release date: August 1, 2023	OMSR-2023-007	MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A	NicheStack TCP/IP stack Vulnerabilities on EtherNet/IP™ option board for Multi-function Compact Inverter 3G3MX2
Release date: August 1, 2023	OMSR-2023-007	MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A	ICSA-21-217-01
Release date: August 1, 2023	OMSR-2023-005	CX-Programmer	Out-of-bounds Read, Use After Free and Heap-based Buffer Overflow Vulnerabilities in CX-Programmer
Release date: August 1, 2023	OMSR-2023-005	CX-Programmer	JVNVU#93286117
Last modified：August 1, 2023 Release date: April 24, 2023	OMSR-2023-004	Support tool CX-Drive for inverter/servo	Support tool CX-Drive for inverter/servo heap-based buffer overflow vulnerability
Last modified：August 1, 2023 Release date: April 24, 2023	OMSR-2023-004	Support tool CX-Drive for inverter/servo	JVNVU#97372625
Release date: April 17, 2023	OMSR-2023-002	Programmable Controller CJ-series Programmable Controller CS-series	Missing Authentication Vulnerabilities related to file system of CS/CJ-series Programmable Controllers
Release date: April 17, 2023	OMSR-2023-002		ICSA-23-108-01
Release date: March 13, 2023	OMSR-2023-001	Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series	Vulnerabilities related to bypass of user memory protection function of CS/CJ/CP-series Programmable Controllers
Release date: March 13, 2023	OMSR-2023-001		ICSA-23-073-01
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-001	Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series Automation Software Sysmac Studio Programable Terminal NA-series	Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-001		ICSA-22-314-08
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-002	Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series	Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-002		ICSA-22-314-07