CVE-2022-33971
Description
Active debug code in Omron NJ/NX/NX7 series controllers (up to V1.28/V1.48) allows adjacent attackers to cause DoS or execute malicious programs via network packet analysis.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Omron Machine automation controller NX7 series (all models V1.28 and earlier), NX1 series (all models V1.48 and earlier), and NJ series (all models V1.48 and earlier) contain active debug code (CWE-489). This vulnerability, assigned CVE-2022-33971, allows an attacker to interact with debug functionality left enabled in production firmware [1].
Exploitation
An attacker must be on the same network segment (adjacent attacker) and analyze the communication between the controller and specific software used internally by Omron, such as Sysmac Studio or a programmable terminal. The attack requires no user interaction but demands that the attacker can capture and replay network packets. The CVSS v3.1 vector is AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H with a base score of 8.3; the AC:H component reflects the high attack complexity [1].
Impact
Successful exploitation leads to a denial-of-service (DoS) condition or the ability to execute a malicious program on the controller. Confidentiality, integrity, and availability impact on the affected controller are all rated high, as the attacker gains unauthorized access to debug functionality [1].
Mitigation
Omron has not released patches as of the publication date (2022-07-04). Users should restrict network access to affected controllers and ensure only trusted systems (like Sysmac Studio) communicate with them. Refer to Omron's advisories for the latest updates on fixed versions [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=V1.28
- OMRON Corporation/Machine automation controller NJ series, Machine automation controller NX series, Automation software 'Sysmac Studio', and Programmable Terminal (PT) NA series (v5). Range: Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V1.48 and earlier
Patches
No patches discovered yet.
References
- jvn.jp/en/vu/JVNVU97050784/index.html (nvd: Third Party Advisory, VDB Entry)
- www.ia.omron.com/product/vulnerability/OMSR-2022-002_en.pdf (nvd: Mitigation, Vendor Advisory)