Details of VAR-201912-1454

ID

VAR-201912-1454

CVE

CVE-2019-13533

TITLE

Omron PLC CJ Series and PLC CS In the series Capture-replay Authentication bypass vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-013797

DESCRIPTION

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. Omron PLC CJ Series and PLC CS The series includes Capture-replay There is a vulnerability related to authentication bypass by.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Omron PLC CJ and CS series is the PLC of Omron

Trust: 2.52

sources: NVD: CVE-2019-13533 // JVNDB: JVNDB-2019-013797 // CNVD: CNVD-2020-00519 // IVD: d8ae014c-2288-4c4e-b202-6e9edc4ec6cc // VULHUB: VHN-145389 // VULMON: CVE-2019-13533

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: d8ae014c-2288-4c4e-b202-6e9edc4ec6cc // CNVD: CNVD-2020-00519

AFFECTED PRODUCTS

vendor:	omron	model:	plc cj	scope:	-	version:	-	Trust: 1.4
vendor:	omron	model:	plc cs	scope:	-	version:	-	Trust: 1.4
vendor:	omron	model:	plc cs	scope:	eq	version:	*	Trust: 1.0
vendor:	omron	model:	plc cj	scope:	eq	version:	*	Trust: 1.0
vendor:	omron	model:	plc cs series	scope:	-	version:	-	Trust: 0.6
vendor:	omron	model:	plc cj series	scope:	-	version:	-	Trust: 0.6
vendor:	plc cj	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	plc cs	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: d8ae014c-2288-4c4e-b202-6e9edc4ec6cc // CNVD: CNVD-2020-00519 // JVNDB: JVNDB-2019-013797 // CNNVD: CNNVD-201912-610 // NVD: CVE-2019-13533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13533
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13533
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-00519
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201912-610
value:	HIGH
Trust: 0.6
IVD:	d8ae014c-2288-4c4e-b202-6e9edc4ec6cc
value:	HIGH
Trust: 0.2
VULHUB:	VHN-145389
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-13533
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-13533
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-00519
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	d8ae014c-2288-4c4e-b202-6e9edc4ec6cc
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-145389
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13533
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.3
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13533
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: d8ae014c-2288-4c4e-b202-6e9edc4ec6cc // CNVD: CNVD-2020-00519 // VULHUB: VHN-145389 // VULMON: CVE-2019-13533 // JVNDB: JVNDB-2019-013797 // CNNVD: CNNVD-201912-610 // NVD: CVE-2019-13533

PROBLEMTYPE DATA

problemtype:

CWE-294

Trust: 1.9

sources: VULHUB: VHN-145389 // JVNDB: JVNDB-2019-013797 // NVD: CVE-2019-13533

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-610

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-013797

PATCH

title:

TopPage

url:

https://www.omron.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2019-013797

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13533	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-346-02	Trust: 3.2
db:	CNNVD	id:	CNNVD-201912-610	Trust: 0.9
db:	CNVD	id:	CNVD-2020-00519	Trust: 0.8
db:	JVN	id:	JVNVU91952379	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013797	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.4659	Trust: 0.6
db:	IVD	id:	D8AE014C-2288-4C4E-B202-6E9EDC4EC6CC	Trust: 0.2
db:	VULHUB	id:	VHN-145389	Trust: 0.1
db:	VULMON	id:	CVE-2019-13533	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-346-02	Trust: 3.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13533	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13533	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu91952379/	Trust: 0.8
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00323.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4659/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/294.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-19-346-02	Trust: 0.1

sources: CNVD: CNVD-2020-00519 // VULHUB: VHN-145389 // VULMON: CVE-2019-13533 // JVNDB: JVNDB-2019-013797 // CNNVD: CNNVD-201912-610 // NVD: CVE-2019-13533

SOURCES

db:	IVD	id:	d8ae014c-2288-4c4e-b202-6e9edc4ec6cc
db:	CNVD	id:	CNVD-2020-00519
db:	VULHUB	id:	VHN-145389
db:	VULMON	id:	CVE-2019-13533
db:	JVNDB	id:	JVNDB-2019-013797
db:	CNNVD	id:	CNNVD-201912-610
db:	NVD	id:	CVE-2019-13533

LAST UPDATE DATE

2024-11-23T20:53:50.983000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-00519	date:	2020-01-06T00:00:00
db:	VULHUB	id:	VHN-145389	date:	2020-01-02T00:00:00
db:	VULMON	id:	CVE-2019-13533	date:	2020-01-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013797	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-610	date:	2019-12-25T00:00:00
db:	NVD	id:	CVE-2019-13533	date:	2024-11-21T04:25:05.593

SOURCES RELEASE DATE

db:	IVD	id:	d8ae014c-2288-4c4e-b202-6e9edc4ec6cc	date:	2020-01-06T00:00:00
db:	CNVD	id:	CNVD-2020-00519	date:	2020-01-06T00:00:00
db:	VULHUB	id:	VHN-145389	date:	2019-12-16T00:00:00
db:	VULMON	id:	CVE-2019-13533	date:	2019-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2019-013797	date:	2020-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201912-610	date:	2019-12-12T00:00:00
db:	NVD	id:	CVE-2019-13533	date:	2019-12-16T20:15:14.743