VYPR
Vendor

Omron

Products
67
CVEs
73
Across products
119
Status
Private

Products

67
View all 67 products →

Recent CVEs

73
View all 73 CVEs →
  • CVE-2015-0987CriOct 6, 2015
    risk 0.65cvss 10.0epss 0.01

    Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

  • CVE-2019-18269CriDec 16, 2019
    risk 0.64cvss 9.8epss 0.01

    Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

  • CVE-2018-6624CriFeb 5, 2018
    risk 0.64cvss 9.8epss 0.02

    OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html.

  • CVE-2022-34151HigJul 4, 2022
    risk 0.53cvss 8.1epss 0.01

    Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation…

  • CVE-2019-13533HigDec 16, 2019
    risk 0.53cvss 8.1epss 0.01

    In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.

  • CVE-2025-0591HigFeb 17, 2025
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.

  • CVE-2024-31412HigMay 1, 2024
    risk 0.51cvss 7.8epss 0.00

    Out-of-bounds read vulnerability exists in CX-Programmer included in CX-One CXONE-AL[][]D-V4 Ver. 9.81 or lower. Opening a specially crafted project file may lead to information disclosure and/or the product being crashed.

  • CVE-2018-8834HigApr 17, 2018
    risk 0.51cvss 7.8epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2018-7530HigApr 17, 2018
    risk 0.51cvss 7.8epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2018-7514HigApr 17, 2018
    risk 0.51cvss 7.8epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2022-33971HigJul 4, 2022
    risk 0.49cvss 7.5epss 0.01

    Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and…

  • CVE-2020-6986HigMar 5, 2020
    risk 0.49cvss 7.5epss 0.02

    In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result.

  • CVE-2024-27121HigMar 12, 2024
    risk 0.47cvss 7.2epss 0.01

    Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote…

  • CVE-2025-1384HigJul 14, 2025
    risk 0.46cvss 7.0epss 0.00

    Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code…

  • CVE-2024-12083MedJan 14, 2025
    risk 0.43cvss 6.6epss 0.01

    Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products.

  • CVE-2024-31413MedMay 1, 2024
    risk 0.38cvss 5.9epss 0.00

    Free of pointer not at start of buffer vulnerability exists in CX-One CX-One CXONE-AL[][]D-V4 (The version which was installed with a DVD ver. 4.61.1 or lower, and was updated through CX-One V4 auto update in January 2024 or prior) and Sysmac Studio SYSMAC-SE2[][][] (The version…

  • CVE-2024-49501MedNov 1, 2024
    risk 0.37cvss 5.7epss 0.00

    Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.

  • CVE-2024-12298MedJan 14, 2025
    risk 0.36cvss 5.5epss 0.00

    We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer.

  • CVE-2018-7525MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.

  • CVE-2018-7523MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability.