CVE-2025-1384

high

Description

A Least Privilege Violation (CWE-272) vulnerability exists in the communication function between the NJ/NX-series Machine Automation Controllers and the Sysmac Studio Software. An attacker may use this vulnerability to perform unauthorized access and to execute unauthorized code remotely on the controller products.

References

https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2025-004_ja.pdf

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2025-004_en.pdf

Details

Source: Mitre, NVD

Published: 2025-07-14

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Severity: High

EPSS

EPSS: 0.00044