Details of VAR-201407-0238

ID

VAR-201407-0238

CVE

CVE-2014-2369

TITLE

Omron NS series HMI Terminals Cross-Site Request Forgery Vulnerability

Trust: 0.8

sources: IVD: e2e5fef4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04727

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Omron NS5, NS8, NS10, NS12 and NS15 HMI Terminals are Omron's touch screen HMI programming software. Allows remote attackers to perform unauthorized operations with specially crafted data. This may lead to further attacks. The following products are affected: Omron NS5, NS8, NS10, NS12, NS15 HMI Terminals versions 8.1xx to 8.68x

Trust: 2.7

sources: NVD: CVE-2014-2369 // JVNDB: JVNDB-2014-003553 // CNVD: CNVD-2014-04727 // BID: 68834 // IVD: e2e5fef4-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-70308

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e5fef4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04727

AFFECTED PRODUCTS

vendor:	omron	model:	ns series system program	scope:	eq	version:	8.1	Trust: 2.2
vendor:	omron	model:	ns series system program	scope:	eq	version:	8.68	Trust: 2.2
vendor:	omron	model:	ns8 hmi terminal	scope:	eq	version:	-	Trust: 1.0
vendor:	omron	model:	ns12 hmi terminal	scope:	eq	version:	-	Trust: 1.0
vendor:	omron	model:	ns10 hmi terminal	scope:	eq	version:	-	Trust: 1.0
vendor:	omron	model:	ns5 hmi terminal	scope:	eq	version:	-	Trust: 1.0
vendor:	omron	model:	ns15 hmi terminal	scope:	eq	version:	-	Trust: 1.0
vendor:	omron	model:	ns10	scope:	-	version:	-	Trust: 0.8
vendor:	omron	model:	ns12	scope:	-	version:	-	Trust: 0.8
vendor:	omron	model:	ns15	scope:	-	version:	-	Trust: 0.8
vendor:	omron	model:	ns5	scope:	-	version:	-	Trust: 0.8
vendor:	omron	model:	ns8	scope:	-	version:	-	Trust: 0.8
vendor:	omron	model:	ns series software	scope:	eq	version:	8.1xx to 8.68x	Trust: 0.8
vendor:	omron	model:	ns15 hmi terminal	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	ns12 hmi terminal	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	ns10 hmi terminal	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	ns8 hmi terminal	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	ns5 hmi terminal	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	ns8	scope:	eq	version:	8.68	Trust: 0.3
vendor:	omron	model:	ns8	scope:	eq	version:	8.1	Trust: 0.3
vendor:	omron	model:	ns5	scope:	eq	version:	8.68	Trust: 0.3
vendor:	omron	model:	ns5	scope:	eq	version:	8.1	Trust: 0.3
vendor:	omron	model:	ns15	scope:	eq	version:	8.68	Trust: 0.3
vendor:	omron	model:	ns15	scope:	eq	version:	8.1	Trust: 0.3
vendor:	omron	model:	ns12	scope:	eq	version:	8.68	Trust: 0.3
vendor:	omron	model:	ns12	scope:	eq	version:	8.1	Trust: 0.3
vendor:	omron	model:	ns10	scope:	eq	version:	8.68	Trust: 0.3
vendor:	omron	model:	ns10	scope:	eq	version:	8.1	Trust: 0.3
vendor:	omron	model:	ns8	scope:	ne	version:	8.7	Trust: 0.3
vendor:	omron	model:	ns5	scope:	ne	version:	8.7	Trust: 0.3
vendor:	omron	model:	ns15	scope:	ne	version:	8.7	Trust: 0.3
vendor:	omron	model:	ns12	scope:	ne	version:	8.7	Trust: 0.3
vendor:	omron	model:	ns10	scope:	ne	version:	8.7	Trust: 0.3
vendor:	ns series system program	model:	-	scope:	eq	version:	8.1	Trust: 0.2
vendor:	ns series system program	model:	-	scope:	eq	version:	8.68	Trust: 0.2
vendor:	ns10 hmi terminal	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ns12 hmi terminal	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ns15 hmi terminal	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ns5 hmi terminal	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	ns8 hmi terminal	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2e5fef4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04727 // BID: 68834 // CNNVD: CNNVD-201407-595 // JVNDB: JVNDB-2014-003553 // NVD: CVE-2014-2369

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-2369
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2014-2369
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-2369
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04727
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-595
value:	MEDIUM
Trust: 0.6
IVD:	e2e5fef4-2351-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-70308
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-2369
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2014-2369
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2014-04727
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e5fef4-2351-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-70308
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.8
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: e2e5fef4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04727 // VULHUB: VHN-70308 // CNNVD: CNNVD-201407-595 // JVNDB: JVNDB-2014-003553 // NVD: CVE-2014-2369 // NVD: CVE-2014-2369

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-70308 // JVNDB: JVNDB-2014-003553 // NVD: CVE-2014-2369

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-595

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201407-595

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003553

PATCH

title:	Scalable HMI	url:	http://industrial.omron.us/en/products/catalogue/automation_systems/hmi/scalable_hmi/default.html	Trust: 0.8
title:	NS5, NS8, NS10, NS12, NS15, NSH5-V2	url:	http://www.fa.omron.co.jp/products/family/155/download/catalog.html	Trust: 0.8
title:	Patch for Omron NS series HMI Terminals Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/48034	Trust: 0.6

sources: CNVD: CNVD-2014-04727 // JVNDB: JVNDB-2014-003553

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2369	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-203-01	Trust: 3.4
db:	BID	id:	68834	Trust: 1.0
db:	CNNVD	id:	CNNVD-201407-595	Trust: 0.9
db:	CNVD	id:	CNVD-2014-04727	Trust: 0.8
db:	JVN	id:	JVNVU97798872	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003553	Trust: 0.8
db:	IVD	id:	E2E5FEF4-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-70308	Trust: 0.1

sources: IVD: e2e5fef4-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-04727 // VULHUB: VHN-70308 // BID: 68834 // CNNVD: CNNVD-201407-595 // JVNDB: JVNDB-2014-003553 // NVD: CVE-2014-2369

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-203-01	Trust: 3.4
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-203-01	Trust: 1.0
url:	https://automation.omron.com/en/us/products/	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2369	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97798872/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2369	Trust: 0.8
url:	http://industrial.omron.us/en/products/catalogue/automation_systems/hmi/scalable_hmi/	Trust: 0.3

sources: CNVD: CNVD-2014-04727 // VULHUB: VHN-70308 // BID: 68834 // CNNVD: CNNVD-201407-595 // JVNDB: JVNDB-2014-003553 // NVD: CVE-2014-2369

CREDITS

Joel Sevilleja Febrer of S2 Grupo

Trust: 0.3

sources: BID: 68834

SOURCES

db:	IVD	id:	e2e5fef4-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-04727
db:	VULHUB	id:	VHN-70308
db:	BID	id:	68834
db:	CNNVD	id:	CNNVD-201407-595
db:	JVNDB	id:	JVNDB-2014-003553
db:	NVD	id:	CVE-2014-2369

LAST UPDATE DATE

2025-10-07T23:12:16.171000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04727	date:	2014-07-31T00:00:00
db:	VULHUB	id:	VHN-70308	date:	2014-07-24T00:00:00
db:	BID	id:	68834	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-595	date:	2014-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-003553	date:	2014-07-25T00:00:00
db:	NVD	id:	CVE-2014-2369	date:	2025-10-06T18:15:48.690

SOURCES RELEASE DATE

db:	IVD	id:	e2e5fef4-2351-11e6-abef-000c29c66e3d	date:	2014-07-31T00:00:00
db:	CNVD	id:	CNVD-2014-04727	date:	2014-07-31T00:00:00
db:	VULHUB	id:	VHN-70308	date:	2014-07-24T00:00:00
db:	BID	id:	68834	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-595	date:	2014-07-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-003553	date:	2014-07-25T00:00:00
db:	NVD	id:	CVE-2014-2369	date:	2014-07-24T14:55:07.287