CVE-2025-1384
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-14

Last updated on: 2025-07-15

Assigner: OMRON Corporation

Description
Least Privilege Violation (CWE-272) Vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely to the controller products.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-14
Last Modified
2025-07-15
Generated
2026-05-07
AI Q&A
2025-07-14
EPSS Evaluated
2026-05-05
NVD
CVE-2025-1384
EUVD
EUVD-2025-21287
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
omron nj_series_machine_automation_controller *
omron nx_series_machine_automation_controller *
omron sysmac_studio *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-272 The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Least Privilege Violation (CWE-272) in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. It allows an attacker to perform unauthorized access and execute unauthorized code remotely on the controller products.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing an attacker to remotely access the affected controllers without authorization and execute unauthorized code, potentially leading to disruption or damage of the automation systems controlled by these devices.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart