#VU112872 Least Privilege Violation in Omron products - CVE-2025-1384

Cybersecurity Help s.r.o.

Published: 2025-07-14

Vulnerability identifier: #VU112872

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-1384

CWE-ID: CWE-272

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Machine Automation Controller NJ101-xxxx
Hardware solutions / Firmware
Machine Automation Controller NJ301-1x00
Hardware solutions / Firmware
Machine Automation Controller NJ501-1x00
Hardware solutions / Firmware
Machine Automation Controller NJ501-1x20
Hardware solutions / Firmware
Machine Automation Controller NJ501-1340
Hardware solutions / Firmware
Machine Automation Controller NJ501-4xxxx
Hardware solutions / Firmware
Machine Automation Controller NJ501-5300
Hardware solutions / Firmware
Machine Automation Controller NJ501-Rx00
Hardware solutions / Firmware
Machine Automation Controller NJ501-Rx20
Hardware solutions / Firmware
Machine Automation Controller NX102-xxxxx
Hardware solutions / Firmware
Machine Automation Controller NX1P2-xxxxxxx
Hardware solutions / Firmware
Machine Automation Controller NX1P2-xxxxxxx1
Hardware solutions / Firmware
Machine Automation Controller NX502-xxxxx
Hardware solutions / Firmware
Machine Automation Controller NX701-xxxxx
Hardware solutions / Firmware
SYSMAC-SE2xx
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Omron

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to least privilege violation issue in the communication function. A remote attacker can perform arbitrary operations and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Machine Automation Controller NJ101-xxxx: - - 1.67.00

Machine Automation Controller NJ301-1x00: - - 1.67.00

Machine Automation Controller NJ501-1x00: - - 1.67.02

Machine Automation Controller NJ501-1x20: - - 1.68.01

Machine Automation Controller NJ501-1340: - - 1.67.00

Machine Automation Controller NJ501-4xxxx: - - 1.67.00

Machine Automation Controller NJ501-5300: - - 1.67.01

Machine Automation Controller NJ501-Rx00: - - 1.67.01

Machine Automation Controller NJ501-Rx20: - - 1.67.00

Machine Automation Controller NX102-xxxxx: - - 1.68.01

Machine Automation Controller NX1P2-xxxxxxx: - - 1.64.09

Machine Automation Controller NX1P2-xxxxxxx1: - - 1.64.09

Machine Automation Controller NX502-xxxxx: - - 1.68.01

Machine Automation Controller NX701-xxxxx: - - 1.35.09

SYSMAC-SE2xx: before 1.69.00

External links
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-004_en.pdf
https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-004_ja.pdf
https://jvn.jp/en/vu/JVNVU96149970/index.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Remote code execution in OMRON NJ/NX series Machine Automation Controllers