Approved changes feed: RSS · Atom

cpe:2.3:h:omron:nj501-1400:-:*:*:*:*:*:*:*

part: h version: - update: *

VendorOmron (675649e9-6a71-548a-9a9b-e097b9db785b)
ProductNj501 1400 (2487615d-fc20-548b-8e7f-0c03806d9a4e)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-33687 not_vulnerable 2026-06-08 06:37:32.012081 Details available
Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration.
Published: 2024-06-24T15:03:05.467Z
Updated: 2025-03-13T14:36:56.825Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-27396 not_vulnerable 2026-06-08 05:57:41.458116 Details available
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
Published: 2023-06-19T00:00:00.000Z
Updated: 2024-12-24T16:45:20.428Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-31206 not_vulnerable 2026-06-08 05:43:40.415805 Details available
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant POU code to native machine code for execution by the PLC's runtime). The resulting machine code is executed by a runtime, typically controlled by a real-time operating system. The logic that is downloaded to the PLC does not seem to be cryptographically authenticated, allowing an attacker to manipulate transmitted object code to the PLC and execute arbitrary machine code on the processor of the PLC's CPU module in the context of the runtime. In the case of at least the NJ series, an RTOS and hardware combination is used that would potentially allow for memory protection and privilege separation and thus limit the impact of code execution. However, it was not confirmed whether these sufficiently segment the runtime from the rest of the RTOS.
Published: 2022-07-26T21:28:41.000Z
Updated: 2024-08-03T07:11:39.676Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.