Sign-up

ID

VAR-201912-1000


CVE

CVE-2019-18269


TITLE

Omron PLC CJ and Omron PLC CS Vulnerability in series

Trust: 0.8

sources: JVNDB: JVNDB-2019-013775

DESCRIPTION

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. Omron PLC CJ and Omron PLC CS The series contains an unspecified vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Omron PLC CJ and CS series is the PLC of Omron. An attacker could exploit this vulnerability with a specially crafted request to bypass access restrictions to control locking

Trust: 2.34

sources: NVD: CVE-2019-18269 // JVNDB: JVNDB-2019-013775 // CNVD: CNVD-2020-03168 // VULHUB: VHN-150598 // VULMON: CVE-2019-18269

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-03168

AFFECTED PRODUCTS

vendor:omronmodel:plc csscope:eqversion:*

Trust: 1.0

vendor:omronmodel:plc cjscope:eqversion:*

Trust: 1.0

vendor:omronmodel:plc cjscope:eqversion:firmware

Trust: 0.8

vendor:omronmodel:plc csscope:eqversion:firmware

Trust: 0.8

vendor:omronmodel:plc cs seriesscope: - version: -

Trust: 0.6

vendor:omronmodel:plc cj seriesscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-03168 // JVNDB: JVNDB-2019-013775 // NVD: CVE-2019-18269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18269
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-18269
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-03168
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201912-635
value: CRITICAL

Trust: 0.6

VULHUB: VHN-150598
value: HIGH

Trust: 0.1

VULMON: CVE-2019-18269
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-18269
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-03168
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-150598
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-18269
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-18269
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-03168 // VULHUB: VHN-150598 // VULMON: CVE-2019-18269 // JVNDB: JVNDB-2019-013775 // CNNVD: CNNVD-201912-635 // NVD: CVE-2019-18269

PROBLEMTYPE DATA

problemtype:CWE-412

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2019-013775 // NVD: CVE-2019-18269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-635

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-635

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-013775

PATCH
title:トップページurl:https://www.omron.co.jp/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-013775

EXTERNAL IDS
db:ICS CERTid:ICSA-19-346-02
Trust: 3.2
db:NVDid:CVE-2019-18269
Trust: 3.2
db:JVNid:JVNVU91952379
Trust: 0.8
db:JVNDBid:JVNDB-2019-013775
Trust: 0.8
db:CNVDid:CNVD-2020-03168
Trust: 0.7
db:CNNVDid:CNNVD-201912-635
Trust: 0.7
db:AUSCERTid:ESB-2019.4659
Trust: 0.6
db:VULHUBid:VHN-150598
Trust: 0.1
db:VULMONid:CVE-2019-18269
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-03168 // 
            
            
            
            VULHUB: VHN-150598 // 
            
            
            
            VULMON: CVE-2019-18269 // 
            
            
            
            JVNDB: JVNDB-2019-013775 // 
            
            
            
            CNNVD: CNNVD-201912-635 // 
            
            
            
            NVD: CVE-2019-18269

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsa-19-346-02
Trust: 3.8
url:https://www.omron-cxone.com/security/2019-12-06_plc_en.pdf
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-18269
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18269
Trust: 0.8
url:https://jvn.jp/vu/jvnvu91952379/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4659/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.cisa.gov/uscert/ics/advisories/icsa-19-346-02
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-03168 // 
            
            
            
            VULHUB: VHN-150598 // 
            
            
            
            VULMON: CVE-2019-18269 // 
            
            
            
            JVNDB: JVNDB-2019-013775 // 
            
            
            
            CNNVD: CNNVD-201912-635 // 
            
            
            
            NVD: CVE-2019-18269

SOURCES
db:CNVDid:CNVD-2020-03168
db:VULHUBid:VHN-150598
db:VULMONid:CVE-2019-18269
db:JVNDBid:JVNDB-2019-013775
db:CNNVDid:CNNVD-201912-635
db:NVDid:CVE-2019-18269

LAST UPDATE DATE
2024-11-23T20:47:16.568000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-03168date:2020-01-22T00:00:00
db:VULHUBid:VHN-150598date:2019-12-27T00:00:00
db:VULMONid:CVE-2019-18269date:2019-12-27T00:00:00
db:JVNDBid:JVNDB-2019-013775date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-635date:2023-04-28T00:00:00
db:NVDid:CVE-2019-18269date:2024-11-21T04:32:56.703

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-03168date:2020-01-22T00:00:00
db:VULHUBid:VHN-150598date:2019-12-16T00:00:00
db:VULMONid:CVE-2019-18269date:2019-12-16T00:00:00
db:JVNDBid:JVNDB-2019-013775date:2020-01-16T00:00:00
db:CNNVDid:CNNVD-201912-635date:2019-12-12T00:00:00
db:NVDid:CVE-2019-18269date:2019-12-16T20:15:15.773