Vulnerability Advisories | オムロン制御機器

Please check the security guidelines and take measures based on the vulnerability advisories.

Dispatch date of Information	No	Affected Products	Omron Advisory	Remarks
Dispatch date of Information	No	Affected Products	3rd Party Advisory	Remarks
Last modified: May 7, 2025 Release date: January 14, 2025	OMSR-2025-001	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Path Traversal Vulnerabilities in NJ/NX-series Machine Automation Controllers	<May 7, 2025> Added date of availability of countermeasures Added lot number information
Last modified: May 7, 2025 Release date: January 14, 2025	OMSR-2025-001		JVNVU#96335720
Last modified: May 7, 2025 Release date: April 22, 2024	OMSR-2024-003	CX-Programmer	Out-of-bounds Read vulnerability in CX-Programmer	<May 7, 2025> Update the Description
Last modified: May 7, 2025 Release date: April 22, 2024	OMSR-2024-003	CX-Programmer	JVNVU98274902	<May 7, 2025> Update the Description
Last modified: March 10, 2025 Release date: February 17, 2025	OMSR-2025-003	CX-Programmer	Out-of-bounds Read vulnerability in CX-Programmer	<March 10, 2025> Update the Description
	OMSR-2025-003	CX-Programmer	JVNVU92320053	<March 10, 2025> Update the Description
Release date: January 14, 2025	OMSR-2025-002	NB-Designer	Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer
Release date: January 14, 2025	OMSR-2025-002	NB-Designer	JVNVU#98734299
Release date: November 1, 2024	OMSR-2024-007	Programmable Controllers CS/CJ-series EtherNet/IP Unit	Multiple vulnerabilities caused by OpenSSL in CS/CJ-series Programmable Controllers EtherNet/IP Unit
Release date: November 1, 2024	OMSR-2024-007	Programmable Controllers CS/CJ-series EtherNet/IP Unit
Release date: November 1, 2024	OMSR-2024-006	Sysmac Studio	Incorrect Authorization (CWE-863) vulnerability in Sysmac Studio Software
Release date: November 1, 2024	OMSR-2024-006	Sysmac Studio	JVNVU#95685374
Release date: May 27, 2024	OMSR-2024-005	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Multiple vulnerabilities caused by OpenSSL in NJ/NX-series Machine Automation Controllers
Release date: May 27, 2024	OMSR-2024-005
Release date: May 27, 2024	OMSR-2024-004	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Insufficient Verification of Data Authenticity vulnerability in the NJ/NX-series Machine Automation Controllers
Release date: May 27, 2024	OMSR-2024-004		JVNVU#92504444
Last modified: May 27, 2024 Release date: March 7, 2024	OMSR-2024-001	Machine Automation Controller NJ-series Machine Automation Controller NX-series	Path Traversal vulnerability in NJ/NX-series Machine Automation Controllers	<May 27, 2024> Added date of availability of countermeasures Added lot number information
Last modified: May 27, 2024 Release date: March 7, 2024	OMSR-2024-001		JVNVU#95852116
Release date: April 22, 2024	OMSR-2024-002	CX-One Sysmac Studio	Free of Pointer not at Start of Buffer vulnerability in Common Modules of Sysmac Studio and CX-One
Release date: April 22, 2024	OMSR-2024-002	CX-One Sysmac Studio	JVNVU98274902
Last modified: November 13, 2023 Release date: September 19, 2023	OMSR-2023-010	Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series	Improper Control of Interaction Frequency in FINS protocol between the CS/CJ/CP-series Programable Controllers	<November 13, 2023> Corrected method of obtaining countermeasure products.
	OMSR-2023-010		ICSA-23-262-05
Last modified: November 13, 2023 Release date: August 1, 2023	OMSR-2023-006	Programmable Controller CJ2M CPU Unit Programmable Controller CJ2H CPU Unit Programmable Controller CS/CJ Series EtherNet/IP™ Unit	Vulnerability that could cause a Denial of Service (DoS) state in the built-in EtherNet/IP™ port of the CJ Series CJ2 CPU unit and the CS/CJ series EtherNet/IP™ unit	<November 13, 2023> Corrected method of obtaining countermeasure products. <September 19, 2023> Corrected countermeasure version release date
	OMSR-2023-006		JVNVU#92193064
Release date: October 23, 2023	OMSR-2023-011	CX-Designer	Vulnerability Report on Improper Restriction of XML External Entity Reference in CX-Designer
Release date: October 23, 2023	OMSR-2023-011	CX-Designer	JVNVU#98683567
Release date: September 19, 2023	OMSR-2023-009	Automation Software Sysmac Studio	Improper Authorization Vulnerability in Automation Software Sysmac Studio
Release date: September 19, 2023	OMSR-2023-009	Automation Software Sysmac Studio	ICSA-23-262-04
Release date: September 19, 2023	OMSR-2023-008	Automation Software Sysmac Studio NX-IO Configurator	Path Traversal Vulnerability in Automation Software Sysmac Studio and NX-IO Configurator
Release date: September 19, 2023	OMSR-2023-008	Automation Software Sysmac Studio NX-IO Configurator	ICSA-23-262-03
Last modified: September 19, 2023 Release date: April 17, 2023	OMSR-2023-003	Programmable Controller CS-series CPU Units Programmable Controller CJ-series CPU Units Programmable Controller CP-series CPU Units Machine Automation Controller NJ-series CPU Units Machine Automation Controller NX1P-series CPU Units Machine Automation Controller NX102-series CPU Units Machine Automation Controller NX7 Database Connection	About Known Issues in the FINS Protocol Implemented in Omron Products	<September 19, 2023> Clerical corrections on Main products affected
	OMSR-2023-003		JVNTA#91513661
Release date: August 1, 2023	OMSR-2023-007	MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A	NicheStack TCP/IP stack Vulnerabilities on EtherNet/IP™ option board for Multi-function Compact Inverter 3G3MX2
Release date: August 1, 2023	OMSR-2023-007	MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A	ICSA-21-217-01
Release date: August 1, 2023	OMSR-2023-005	CX-Programmer	Out-of-bounds Read, Use After Free and Heap-based Buffer Overflow Vulnerabilities in CX-Programmer
Release date: August 1, 2023	OMSR-2023-005	CX-Programmer	JVNVU#93286117
Last modified：August 1, 2023 Release date: April 24, 2023	OMSR-2023-004	Support tool CX-Drive for inverter/servo	Support tool CX-Drive for inverter/servo heap-based buffer overflow vulnerability
Last modified：August 1, 2023 Release date: April 24, 2023	OMSR-2023-004	Support tool CX-Drive for inverter/servo	JVNVU#97372625
Release date: April 17, 2023	OMSR-2023-002	Programmable Controller CJ-series Programmable Controller CS-series	Missing Authentication Vulnerabilities related to file system of CS/CJ-series Programmable Controllers
Release date: April 17, 2023	OMSR-2023-002		ICSA-23-108-01
Release date: March 13, 2023	OMSR-2023-001	Programmable Controller CJ-series Programmable Controller CS-series Programmable Controller CP-series	Vulnerabilities related to bypass of user memory protection function of CS/CJ/CP-series Programmable Controllers
Release date: March 13, 2023	OMSR-2023-001		ICSA-23-073-01
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-001	Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series Automation Software Sysmac Studio Programable Terminal NA-series	Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-001		ICSA-22-314-08
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-002	Machine Automation Controller NX7-series Machine Automation Controller NX1-series Machine Automation Controller NJ-series	Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers
Last modified：October 11, 2022 Release date: July 1, 2022	OMSR-2022-002		ICSA-22-314-07