CVE-2019-18269

Summary

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

Affected Software

VendorProductVersion RangeStatus
OmronOmron PLC CJ Seriesall versionsaffected
OmronOmron PLC CS seriesall versionsaffected
OmronOmron PLC NX1P2 seriesall versionsaffected

Weaknesses

  • CWE-412: CWE-412 Unrestricted Externally Accessible Lock

Workarounds

Omron recommends the following mitigation measures:

  • Filter FINS port: Protect access to Omron’s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).
  • Filter IP addresses: Protect access to Omron’s PLC with a firewall and filtering devices connected to the PLC by IP address.

For more information provided by Omron on these vulnerabilities refer to Vulnerabilities in Omron CS and CJ series CPU PLCs https://gcc01.safelinks.protection.outlook.com/ .

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References