Authentication Bypass by Capture-replay

CVE-2022-33971

Medium

5.4/10

Summary

Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.

Access Complexity: MEDIUM
AccessVector: ADJACENT_NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-294 - Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References

Advisory Timeline

Published Jul 04, 2022

Authentication Bypass by Capture-replay

CVE-2022-33971

Summary

CWE-294 - Authentication Bypass by Capture-replay

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS