CVE-2022-34151
Description
Hard-coded credentials in OMRON NJ/NX controllers, Sysmac Studio, and NA PT allow remote attackers to access controllers after analyzing the product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Hard-coded credentials in OMRON NJ/NX controllers, Sysmac Studio, and NA PT allow remote attackers to access controllers after analyzing the product.
Vulnerability
A use of hard-coded credentials vulnerability (CWE-798) exists in the communication function of multiple OMRON products [1]. Affected products include Machine automation controller NJ series (all models V1.48 and earlier), NX7 series (all models V1.28 and earlier), NX1 series (all models V1.48 and earlier), Automation software 'Sysmac Studio' (all models V1.49 and earlier), and Programmable Terminal (PT) NA series (NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier) [1]. The credentials are embedded in the product and can be extracted by an attacker.
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by first analyzing the affected product to obtain the hard-coded user credentials [1]. The analysis may involve examining firmware, binaries, or captured communication. Once the credentials are obtained, the attacker can use them to authenticate and gain access to the controller over the network [1]. The CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H, indicating no privileges or user interaction are required and the attack complexity is low [1].
Impact
Successful exploitation allows the attacker to access the controller, potentially leading to full control over the device [1]. The impact on integrity and availability is high, while confidentiality impact is low [1]. This could enable reading or modifying controller data, changing operational parameters, or causing denial of service.
Mitigation
OMRON has released firmware and software updates to address this vulnerability. Users should update to the latest versions as recommended in OMRON's security advisories [1]. For details on fixed versions, refer to the vendor's official advisory or contact OMRON support. No workarounds have been publicly documented.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <=V1.15
- Range: <=V1.48
- Range: <=V1.49
- OMRON Corporation/Machine automation controller NJ series, Machine automation controller NX series, Automation software 'Sysmac Studio', and Programmable Terminal (PT) NA seriesv5Range: Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- jvn.jp/en/vu/JVNVU97050784/index.htmlnvdThird Party AdvisoryVDB Entry
- www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdfnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.