CVE-2019-18269
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Omron | Omron PLC CJ Series | all versions | affected |
| Omron | Omron PLC CS series | all versions | affected |
| Omron | Omron PLC NX1P2 series | all versions | affected |
Weaknesses
- CWE-412: CWE-412 Unrestricted Externally Accessible Lock
Workarounds
Omron recommends the following mitigation measures:
- Filter FINS port: Protect access to Omron’s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).
- Filter IP addresses: Protect access to Omron’s PLC with a firewall and filtering devices connected to the PLC by IP address.
For more information provided by Omron on these vulnerabilities refer to Vulnerabilities in Omron CS and CJ series CPU PLCs https://gcc01.safelinks.protection.outlook.com/ .
ADP Enrichment
CVE Program Container
Additional References
- https://www.us-cert.gov/ics/advisories/icsa-19-346-02
- https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.us-cert.gov/ics/advisories/icsa-19-346-02
- https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.