GCVE - cpe:2.3:a:omron:sysmac_studio:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:omron:sysmac_studio:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Omron (`675649e9-6a71-548a-9a9b-e097b9db785b`)
Product	Sysmac Studio (`0e6b7768-45ce-5f63-af6b-9bc541a37993`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-45793`	vulnerable	2026-06-08 05:50:36.916824	Executable files writable by low-privileged users in Omron Sysmac Studio MEDIUM (5.5) Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. Published: 2024-01-10T20:49:36.082Z Updated: 2025-04-17T15:42:42.580Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04 https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/ https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45792`	vulnerable	2026-06-08 05:50:36.916205	Directory Traversal in Project File Format allows overwrite (Zip Slip) HIGH (7.8) Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user. Published: 2024-01-22T17:46:36.699Z Updated: 2025-06-17T21:19:25.577Z Open on db.gcve.eu Reference links https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-34151`	vulnerable	2026-06-08 05:44:52.209466	Details available Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. Published: 2022-07-04T01:51:00.000Z Updated: 2026-06-02T19:47:10.923Z Open on db.gcve.eu Reference links https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdf https://jvn.jp/en/vu/JVNVU97050784/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-33208`	vulnerable	2026-06-08 05:44:46.571258	Details available Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. Published: 2022-07-04T01:50:44.000Z Updated: 2024-08-03T08:01:20.422Z Open on db.gcve.eu Reference links https://www.ia.omron.com/product/vulnerability/OMSR-2022-001_en.pdf https://jvn.jp/en/vu/JVNVU97050784/index.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.