CVE-2025-1384
July 15, 2025, 1:14 p.m.
7.0
Medium
Description
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.
Product(s) Impacted
| Vendor | Product | Versions |
|---|---|---|
| Omron |
|
|
Weaknesses
Common security weaknesses mapped to this vulnerability.
CWE-272
Least Privilege Violation
The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
*CPE(s)
Affected systems and software identified for this CVE.
| Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
|---|---|---|---|---|---|---|---|---|---|---|
| a | omron | nj-nx_series_machine_automation_controllers | / | / | / | / | / | / | / | / |
| a | omron | sysmac_studio | / | / | / | / | / | / | / | / |
Tags
CVSS Score
CVSS Data - 3.1
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- Scope: UNCHANGED
- Confidentiality Impact: LOW
- Integrity Impact: LOW
- Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Timeline
Published: July 14, 2025, 12:15 a.m.
Last Modified: July 15, 2025, 1:14 p.m.
Last Modified: July 15, 2025, 1:14 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
bba440f9-ef23-4224-aa62-7ac0935d18d1
*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.