CVE-2019-18269

Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf
https://www.us-cert.gov/ics/advisories/icsa-19-346-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:omron:plc_cj_firmware::::::::
	cpe:2.3:o:omron:plc_cs_firmware::::::::

History

27 Apr 2023, 23:15

Type	Values Removed	Values Added
References		(MISC) https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf -
Summary	In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, the software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.	Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.

Information

Published : 2019-12-16 20:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-18269

Mitre link : CVE-2019-18269

CVE.ORG link : CVE-2019-18269

JSON object : View

Products Affected

omron

plc_cs_firmware
plc_cj_firmware

CWE

NVD-CWE-Other CWE-412

Unrestricted Externally Accessible Lock

{"id": "CVE-2019-18269", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-12-16T20:15:15.773", "references": [{"url": "https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-412"}]}], "descriptions": [{"lang": "en", "value": "\nOmron\u2019s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. \n\n"}, {"lang": "es", "value": "En el Omron PLC CJ series, todas las versiones, y en el Omron PLC CS series, todas las versiones, el software comprueba apropiadamente la existencia de un bloqueo, pero el bloqueo puede ser controlado externamente o influenciado por un actor que se encuentra fuera de la esfera de control prevista."}], "lastModified": "2023-04-27T23:15:14.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:plc_cj_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AF2C347-B4A7-4505-98A4-AFDCB1FCD386"}, {"criteria": "cpe:2.3:o:omron:plc_cs_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF9CD76C-F6E9-4E01-A039-4049B706DD92"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}