Multiple vulnerabilities in Omron PLC CJ, CS and NJ Series



Published: 2019-12-13
Risk: High
Patch available: NO
Number of vulnerabilities: 4
CVE-ID: CVE-2019-18261, CVE-2019-18269, CVE-2019-13533, CVE-2019-18259
CWE-ID: CWE-307, CWE-940, CWE-294, CWE-290
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
Omron PLC NJ series
Hardware solutions / Other hardware appliances

Omron PLC CS series
Hardware solutions / Other hardware appliances

Omron PLC CJ series
Hardware solutions / Other hardware appliances

Vendor: Omron

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU23583

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-18261

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to the system.

The vulnerability exists in the FTP function because the affected software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. A remote attacker can perform a brute-force authentication attack and gain access to the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
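
Since the FTP function does not throttle failed logins and no official fix is listed, bursts of failed logins have to be caught on the network side. The following is an added example, not code from Omron or Cybersecurity Help: a sliding-window detector over FTP reply codes (530 failed login, 230 successful login); the log format, addresses, threshold and window are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (hypothetical monitor format, not Omron output):
# timestamp, FTP client, PLC address, FTP reply code seen on the wire.
SAMPLE_LOG = """\
2019-12-13T10:00:00 client=10.0.0.7 plc=192.0.2.10 reply=530
2019-12-13T10:00:30 client=10.0.0.7 plc=192.0.2.10 reply=230
2019-12-13T10:05:00 client=10.0.0.66 plc=192.0.2.10 reply=530
2019-12-13T10:05:01 client=10.0.0.66 plc=192.0.2.10 reply=530
2019-12-13T10:05:02 client=10.0.0.66 plc=192.0.2.10 reply=530
2019-12-13T10:05:03 client=10.0.0.66 plc=192.0.2.10 reply=530
2019-12-13T10:05:04 client=10.0.0.66 plc=192.0.2.10 reply=530
2019-12-13T10:05:05 client=10.0.0.66 plc=192.0.2.10 reply=230
"""

def parse_line(line):
    """Split one record into (timestamp, client, plc, reply_code)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["client"], kv["plc"], int(kv["reply"])

def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return alerts for bursts of FTP 530 replies and for a 230 that follows one."""
    window = timedelta(seconds=window_s)
    failures = defaultdict(deque)   # (client, plc) -> timestamps of recent 530s
    flagged = set()                 # pairs that already crossed the threshold
    alerts = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, client, plc, code = parse_line(line)
        key = (client, plc)
        recent = failures[key]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures older than the window
        if not recent:
            flagged.discard(key)    # burst has aged out; allow a fresh alert later
        if code == 530:             # 530 = "Not logged in" (RFC 959)
            recent.append(ts)
            if len(recent) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", client, plc, ts.isoformat()))
        elif code == 230 and key in flagged:
            # Login success right after a burst: treat the credential as guessed.
            alerts.append(("login_after_bruteforce", client, plc, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a successful login (the first client in the sample) raises nothing; only the burst and the login that follows it are reported.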

Vulnerable software versions

Omron PLC NJ series: All versions

External links

http://ics-cert.us-cert.gov/advisories/icsa-19-346-03
http://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Verification of Source of a Communication Channel

EUVDB-ID: #VU23586

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-18269

CWE-ID: CWE-940 - Improper Verification of Source of a Communication Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to unexpected functionality.

The vulnerability exists due to an incomplete check of the FINS header. A remote attacker can send a specially crafted request, gain privileges and access unexpected functionality.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Omron PLC CS series: All versions

Omron PLC CJ series: All versions

External links

http://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication Bypass by Capture-replay

EUVDB-ID: #VU23585

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-13533

CWE-ID: CWE-294 - Authentication Bypass by Capture-replay

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists in the FINS communication protocol because FINS communication packets between a controller and a PLC can be monitored, which may invite a replay attack using commands for the PLC. A remote attacker can cause opening and closing of industrial valves.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Omron PLC CS series: All versions

Omron PLC CJ series: All versions

External links

http://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Authentication Bypass by Spoofing

EUVDB-ID: #VU23584

Risk: Medium

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-18259

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists in the FINS communication protocol because FINS communication packets between a controller and a PLC can be monitored, which may invite a replay attack using commands for the PLC. A remote attacker can perform ID theft or execute commands on the target system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Omron PLC CS series: All versions

Omron PLC CJ series: All versions

External links

http://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


