Dispatch date of Information No Affected Products Omron Advisory Remarks
3rd Party Advisory

Release date:
November 1, 2024

OMSR-2024-007 Programmable Controllers CS/CJ-series EtherNet/IP Unit Multiple vulnerabilities caused by OpenSSL in CS/CJ-series Programmable Controllers EtherNet/IP Unit

Release date:
November 1, 2024

OMSR-2024-006 Sysmac Studio Incorrect Authorization (CWE-863) vulnerability in Sysmac Studio Software

Release date:
May 27, 2024

OMSR-2024-005 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Multiple vulnerabilities caused by OpenSSL in NJ/NX-series Machine Automation Controllers

Release date:
May 27, 2024

OMSR-2024-004 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Insufficient Verification of Data Authenticity vulnerability in the NJ/NX-series Machine Automation Controllers
JVNVU#92504444

Last modified:
May 27, 2024

Release date:
March 7, 2024

OMSR-2024-001 Machine Automation Controller NJ-series
Machine Automation Controller NX-series
Path Traversal vulnerability in NJ/NX-series Machine Automation Controllers <May 27, 2024>
Added date of availability of countermeasures
Added lot number information
JVNVU#95852116

Release date:
April 22, 2024

OMSR-2024-003 CX-Programmer Out-of-bounds Read vulnerability in CX-Programmer
JVNVU98274902

Release date:
April 22, 2024

OMSR-2024-002 CX-One
Sysmac Studio
Free of Pointer not at Start of Buffer vulnerability in Common Modules of Sysmac Studio and CX-One
JVNVU98274902

Last modified:
November 13, 2023

Release date:
September 19, 2023

OMSR-2023-010 Programmable Controller CJ-series
Programmable Controller CS-series
Programmable Controller CP-series
Improper Control of Interaction Frequency in FINS protocol between the CS/CJ/CP-series Programable Controllers <November 13, 2023>
Corrected method of obtaining countermeasure products.
ICSA-23-262-05

Last modified:
November 13, 2023

Release date:
August 1, 2023

OMSR-2023-006 Programmable Controller CJ2M CPU Unit
Programmable Controller CJ2H CPU Unit
Programmable Controller CS/CJ Series EtherNet/IP™ Unit
Vulnerability that could cause a Denial of Service (DoS) state in the built-in EtherNet/IP™ port of the CJ Series CJ2 CPU unit and the CS/CJ series EtherNet/IP™ unit <November 13, 2023>
Corrected method of obtaining countermeasure products.
<September 19, 2023>
Corrected countermeasure version release date
JVNVU#92193064

Release date:
October 23, 2023

OMSR-2023-011 CX-Designer Vulnerability Report on Improper Restriction of XML External Entity Reference in CX-Designer
JVNVU#98683567

Release date:
September 19, 2023

OMSR-2023-009 Automation Software Sysmac Studio Improper Authorization Vulnerability in Automation Software Sysmac Studio
ICSA-23-262-04

Release date:
September 19, 2023

OMSR-2023-008 Automation Software Sysmac Studio
NX-IO Configurator
Path Traversal Vulnerability in Automation Software Sysmac Studio and NX-IO Configurator
ICSA-23-262-03

Last modified:
September 19, 2023

Release date:
April 17, 2023

OMSR-2023-003 Programmable Controller CS-series CPU Units
Programmable Controller CJ-series CPU Units
Programmable Controller CP-series CPU Units
Machine Automation Controller NJ-series CPU Units
Machine Automation Controller NX1P-series CPU Units
Machine Automation Controller NX102-series CPU Units
Machine Automation Controller NX7 Database Connection
About Known Issues in the FINS Protocol Implemented in Omron Products <September 19, 2023>
Clerical corrections on Main products affected
JVNTA#91513661

Release date:
August 1, 2023

OMSR-2023-007 MX2 EtherNet/IP™ Option Board 3G3AX-MX2-EIP-A NicheStack TCP/IP stack Vulnerabilities on EtherNet/IP™ option board for Multi-function Compact Inverter 3G3MX2
ICSA-21-217-01

Release date:
August 1, 2023

OMSR-2023-005 CX-Programmer Out-of-bounds Read, Use After Free and Heap-based Buffer Overflow Vulnerabilities in CX-Programmer
JVNVU#93286117

Last modified:August 1, 2023

Release date:
April 24, 2023

OMSR-2023-004 Support tool CX-Drive for inverter/servo Support tool CX-Drive for inverter/servo heap-based buffer overflow vulnerability
JVNVU#97372625

Release date:
April 17, 2023

OMSR-2023-002 Programmable Controller CJ-series
Programmable Controller CS-series
Missing Authentication Vulnerabilities related to file system of CS/CJ-series Programmable Controllers
ICSA-23-108-01

Release date:
March 13, 2023

OMSR-2023-001 Programmable Controller CJ-series
Programmable Controller CS-series
Programmable Controller CP-series
Vulnerabilities related to bypass of user memory protection function of CS/CJ/CP-series Programmable Controllers
ICSA-23-073-01

Last modified:October 11, 2022

Release date:
July 1, 2022

OMSR-2022-001 Machine Automation Controller NX7-series
Machine Automation Controller NX1-series
Machine Automation Controller NJ-series
Automation Software Sysmac Studio
Programable Terminal NA-series
Authentication bypass vulnerabilities in communications functions of NJ/NX-series Machine Automation Controllers
ICSA-22-314-08

Last modified:October 11, 2022

Release date:
July 1, 2022

OMSR-2022-002 Machine Automation Controller NX7-series
Machine Automation Controller NX1-series
Machine Automation Controller NJ-series
Malicious program execution vulnerability in NJ/NX-series Machine Automation Controllers
ICSA-22-314-07