ID

VAR-201912-0997


CVE

CVE-2019-18261


TITLE

OMRON PLC CS, CJ and NJ series vulnerability to brute force attacks

Trust: 0.8

sources: JVNDB: JVNDB-2019-012869

DESCRIPTION

In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. The Omron PLC CJ, CS and NJ series are all products of the Japanese company Omron. Omron PLC CJ series is a CJ series programmable logic controller (PLC). Omron PLC CS series is a CS series programmable logic controller (PLC). Omron PLC NJ series is an NJ series programmable logic controller (PLC). Attackers can exploit this vulnerability to carry out brute force attacks.

Trust: 1.71

sources: NVD: CVE-2019-18261 // JVNDB: JVNDB-2019-012869 // VULHUB: VHN-150590

AFFECTED PRODUCTS

vendor: omron, model: plc nj, scope: eq, version: *

Trust: 1.0

vendor: omron, model: plc cs, scope: eq, version: *

Trust: 1.0

vendor: omron, model: plc cj, scope: eq, version: *

Trust: 1.0

vendor: omron, model: plc cj, scope: eq, version: of the series

Trust: 0.8

vendor: omron, model: plc cs, scope: eq, version: of the series

Trust: 0.8

vendor: omron, model: plc nj, scope: eq, version: of the series

Trust: 0.8

vendor: omron, model: plc cj, scope: -, version: -

Trust: 0.6

vendor: omron, model: plc nj, scope: -, version: -

Trust: 0.6

vendor: omron, model: plc cs, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-012869 // CNNVD: CNNVD-201912-626 // NVD: CVE-2019-18261

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18261
value: CRITICAL

Trust: 1.0

JPCERT/CC: JVNDB-2019-012869
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201912-626
value: CRITICAL

Trust: 0.6

VULHUB: VHN-150590
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-18261
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

JPCERT/CC: JVNDB-2019-012869
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-150590
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18261
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

JPCERT/CC: JVNDB-2019-012869
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-150590 // JVNDB: JVNDB-2019-012869 // CNNVD: CNNVD-201912-626 // NVD: CVE-2019-18261

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.9

sources: VULHUB: VHN-150590 // JVNDB: JVNDB-2019-012869 // NVD: CVE-2019-18261

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-626

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-626

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012869

PATCH

title: Regarding the vulnerability in our PLCs (CS series CPU and CJ series CPU) pointed out by an external organization
url: http://www.omron-cxone.com/security/2019-12-06_PLC_JP.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2019-012869

EXTERNAL IDS

db: NVD, id: CVE-2019-18261

Trust: 2.5

db: ICS CERT, id: ICSA-19-346-03

Trust: 2.5

db: JVN, id: JVNVU94348866

Trust: 0.8

db: JVNDB, id: JVNDB-2019-012869

Trust: 0.8

db: CNNVD, id: CNNVD-201912-626

Trust: 0.7

db: AUSCERT, id: ESB-2019.4659

Trust: 0.6

db: VULHUB, id: VHN-150590

Trust: 0.1

sources: VULHUB: VHN-150590 // JVNDB: JVNDB-2019-012869 // CNNVD: CNNVD-201912-626 // NVD: CVE-2019-18261

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsa-19-346-03

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18261

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94348866/

Trust: 0.8

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-18261

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4659/

Trust: 0.6

sources: VULHUB: VHN-150590 // JVNDB: JVNDB-2019-012869 // CNNVD: CNNVD-201912-626 // NVD: CVE-2019-18261

SOURCES

db: VULHUB, id: VHN-150590
db: JVNDB, id: JVNDB-2019-012869
db: CNNVD, id: CNNVD-201912-626
db: NVD, id: CVE-2019-18261

LAST UPDATE DATE

2024-11-23T19:54:35.373000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-150590, date: 2019-12-27T00:00:00
db: JVNDB, id: JVNDB-2019-012869, date: 2019-12-16T00:00:00
db: CNNVD, id: CNNVD-201912-626, date: 2019-12-30T00:00:00
db: NVD, id: CVE-2019-18261, date: 2024-11-21T04:32:56.237

SOURCES RELEASE DATE

db: VULHUB, id: VHN-150590, date: 2019-12-16T00:00:00
db: JVNDB, id: JVNDB-2019-012869, date: 2019-12-16T00:00:00
db: CNNVD, id: CNNVD-201912-626, date: 2019-12-12T00:00:00
db: NVD, id: CVE-2019-18261, date: 2019-12-16T20:15:15.697