Details of VAR-201912-0996

ID

VAR-201912-0996

CVE

CVE-2019-18259

TITLE

Omron PLC CJ and Omron PLC CS Vulnerability in authentication bypass by spoofing in the series

Trust: 0.8

sources: JVNDB: JVNDB-2019-013776

DESCRIPTION

In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. Omron PLC CJ and Omron PLC CS The series contains a vulnerability in spoofing authentication bypass.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Omron PLC CJ and CS series is the PLC of Omron

Trust: 2.52

sources: NVD: CVE-2019-18259 // JVNDB: JVNDB-2019-013776 // CNVD: CNVD-2020-00524 // IVD: d090b3c4-17cf-4044-b4c8-5cd7fcd7c079 // VULHUB: VHN-150587 // VULMON: CVE-2019-18259

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d090b3c4-17cf-4044-b4c8-5cd7fcd7c079 // CNVD: CNVD-2020-00524

AFFECTED PRODUCTS

vendor:	omron	model:	plc cs	scope:	eq	version:	*	Trust: 1.0
vendor:	omron	model:	plc cj	scope:	eq	version:	*	Trust: 1.0
vendor:	omron	model:	plc cj	scope:	eq	version:	firmware	Trust: 0.8
vendor:	omron	model:	plc cs	scope:	eq	version:	firmware	Trust: 0.8
vendor:	omron	model:	plc cs series	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	plc cj series	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	plc cj	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	plc cs	scope:	-	version:	-	Trust: 0.6
vendor:	plc cj	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	plc cs	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d090b3c4-17cf-4044-b4c8-5cd7fcd7c079 // CNVD: CNVD-2020-00524 // JVNDB: JVNDB-2019-013776 // CNNVD: CNNVD-201912-618 // NVD: CVE-2019-18259

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-18259
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-18259
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-00524
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201912-618
value:	CRITICAL
Trust: 0.6
IVD:	d090b3c4-17cf-4044-b4c8-5cd7fcd7c079
value:	HIGH
Trust: 0.2
VULHUB:	VHN-150587
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-18259
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-18259
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-00524
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d090b3c4-17cf-4044-b4c8-5cd7fcd7c079
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-150587
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-18259
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-18259
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: d090b3c4-17cf-4044-b4c8-5cd7fcd7c079 // CNVD: CNVD-2020-00524 // VULHUB: VHN-150587 // VULMON: CVE-2019-18259 // JVNDB: JVNDB-2019-013776 // CNNVD: CNNVD-201912-618 // NVD: CVE-2019-18259

PROBLEMTYPE DATA

problemtype:

CWE-290

Trust: 1.9

sources: VULHUB: VHN-150587 // JVNDB: JVNDB-2019-013776 // NVD: CVE-2019-18259

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-618

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-618

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013776

PATCH

title:

トップページ

url:

https://www.omron.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2019-013776

EXTERNAL IDS

db:	NVD	id:	CVE-2019-18259	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-346-02	Trust: 3.2
db:	CNNVD	id:	CNNVD-201912-618	Trust: 0.9
db:	CNVD	id:	CNVD-2020-00524	Trust: 0.8
db:	JVN	id:	JVNVU91952379	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013776	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4659	Trust: 0.6
db:	IVD	id:	D090B3C4-17CF-4044-B4C8-5CD7FCD7C079	Trust: 0.2
db:	VULHUB	id:	VHN-150587	Trust: 0.1
db:	VULMON	id:	CVE-2019-18259	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-02	Trust: 3.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18259	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18259	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91952379/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4659/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/290.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-19-346-02	Trust: 0.1

sources: CNVD: CNVD-2020-00524 // VULHUB: VHN-150587 // VULMON: CVE-2019-18259 // JVNDB: JVNDB-2019-013776 // CNNVD: CNNVD-201912-618 // NVD: CVE-2019-18259

SOURCES

db:	IVD	id:	d090b3c4-17cf-4044-b4c8-5cd7fcd7c079
db:	CNVD	id:	CNVD-2020-00524
db:	VULHUB	id:	VHN-150587
db:	VULMON	id:	CVE-2019-18259
db:	JVNDB	id:	JVNDB-2019-013776
db:	CNNVD	id:	CNNVD-201912-618
db:	NVD	id:	CVE-2019-18259

LAST UPDATE DATE

2024-11-23T20:34:12.523000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-00524	date:	2020-01-06T00:00:00
db:	VULHUB	id:	VHN-150587	date:	2019-12-27T00:00:00
db:	VULMON	id:	CVE-2019-18259	date:	2019-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-013776	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-618	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2019-18259	date:	2024-11-21T04:32:56.130

SOURCES RELEASE DATE

db:	IVD	id:	d090b3c4-17cf-4044-b4c8-5cd7fcd7c079	date:	2020-01-06T00:00:00
db:	CNVD	id:	CNVD-2020-00524	date:	2020-01-06T00:00:00
db:	VULHUB	id:	VHN-150587	date:	2019-12-16T00:00:00
db:	VULMON	id:	CVE-2019-18259	date:	2019-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-013776	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-618	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-18259	date:	2019-12-16T20:15:15.633