CVE-2019-18261
Current Description
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.
Basic Data
| Published | December 16, 2019 |
|---|
| Last Modified | December 27, 2019 |
|---|
| Assigner | cve@mitre.org |
|---|
| Data Type | CVE |
|---|
| Data Format | MITRE |
|---|
| Data Version | 4.0 |
|---|
| Problem Type | CWE-307 |
|---|
| CVE Data Version | 4.0 |
|---|
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:P/I:N/A:N |
|---|
| CVSS 2 - Access Vector | NETWORK |
|---|
| CVSS 2 - Access Complexity | LOW |
|---|
| CVSS 2 - Authentication | NONE |
|---|
| CVSS 2 - Confidentiality Impact | PARTIAL |
|---|
| CVSS 2 - Availability Impact | NONE |
|---|
| CVSS 2 - Base Score | 5.0 |
|---|
| Severity | MEDIUM |
|---|
| Exploitability Score | 10.0 |
|---|
| Impact Score | 2.9 |
|---|
| Obtain All Privilege | false |
|---|
| Obtain User Privilege | false |
|---|
| Obtain Other Privilege | false |
|---|
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
| Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
|---|
| 2.3 | OS | Omron | Plc Cj Firmware | * | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | OS | Omron | Plc Cs Firmware | * | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | OS | Omron | Plc Nj Firmware | * | * | * | * | * | * | * | * | � | � | � | � |
Vulnerable Software List
References
| Name | Source | URL | Tags |
|---|
| https://www.us-cert.gov/ics/advisories/icsa-19-346-03 | https://www.us-cert.gov/ics/advisories/icsa-19-346-03 | MISC | Third Party Advisory US Government Resource |
Follow @discotekdotca