SB2019121307 - Multiple vulnerabilities in Omron PLC CJ, CS and NJ Series




Published: December 13, 2019

Security Bulletin ID: SB2019121307
CSH Severity: High
Patch available: NO
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

High 50% Medium 50%

Description

This security bulletin contains information about 4 vulnerabilities.


1) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2019-18261)

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to the system.

The vulnerability exists in the FTP function because the affected software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. A remote attacker can perform a brute-force authentication attack and gain access to the target system.


2) Improper Verification of Source of a Communication Channel (CVE-ID: CVE-2019-18269)

CWE-ID: CWE-940 - Improper Verification of Source of a Communication Channel

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to unexpected functionality.

The vulnerability exists due to an incomplete check of the FINS header. A remote attacker can send a specially crafted request, gain privileges and access unexpected functionality.


3) Authentication Bypass by Capture-replay (CVE-ID: CVE-2019-13533)

CWE-ID: CWE-294 - Authentication Bypass by Capture-replay

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists in the FINS communication protocol because FINS communication packets between a controller and a PLC may be monitored, which allows a replay attack using commands for the PLC. A remote attacker can cause opening and closing of industrial valves.


4) Authentication Bypass by Spoofing (CVE-ID: CVE-2019-18259)

CWE-ID: CWE-290 - Authentication Bypass by Spoofing

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists in the FINS communication protocol because FINS communication packets between a controller and a PLC may be monitored, which allows a replay attack using commands for the PLC. A remote attacker can perform ID theft or execute commands on the target system.
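
The FINS issues in items 2 to 4 share one defensive angle: the header does not prove who sent a command, so a passive monitor can at least flag command frames from hosts or node addresses that are not expected. The following is an added example, not part of the bulletin and not Omron code; the header layout is taken from Omron's public FINS reference as an assumption, and the allowlist, IP addresses and sample payloads are constructed.

```python
import struct
from typing import NamedTuple, Optional

# Assumed layout: ICF RSV GCT DNA DA1 DA2 SNA SA1 SA2 SID, then command code MRC SRC.
FINS_MIN_LEN = 12

# Hypothetical site policy: source IP -> (expected FINS node SA1, permitted command codes).
ALLOWED = {
    "192.0.2.10": (10, {(0x01, 0x01), (0x01, 0x02)}),  # HMI: memory area read/write
}

# Constructed sample UDP payloads (not captured traffic).
SAMPLES = [
    ("192.0.2.10", bytes([0x80, 0, 2, 0, 1, 0, 0, 10, 0, 0x21, 0x01, 0x01])),
    ("192.0.2.10", bytes([0x80, 0, 2, 0, 1, 0, 0, 99, 0, 0x22, 0x01, 0x02])),
    ("192.0.2.77", bytes([0x80, 0, 2, 0, 1, 0, 0, 10, 0, 0x23, 0x04, 0x02])),
]

class FinsFrame(NamedTuple):
    icf: int
    sa1: int
    sid: int
    command: tuple

def parse_fins(payload: bytes) -> Optional[FinsFrame]:
    """Parse the FINS header and command code; None if the frame is too short."""
    if len(payload) < FINS_MIN_LEN:
        return None
    icf, _, _, _, _, _, _, sa1, _, sid, mrc, src = struct.unpack("12B", payload[:12])
    return FinsFrame(icf, sa1, sid, (mrc, src))

def check_frame(src_ip: str, payload: bytes) -> list:
    """Return the policy findings for one observed UDP payload (empty list = OK)."""
    frame = parse_fins(payload)
    if frame is None:
        return ["malformed: shorter than FINS header plus command code"]
    if frame.icf & 0x40:  # bit 6 set: response frame, not a command
        return []
    policy = ALLOWED.get(src_ip)
    if policy is None:
        return [f"command from unlisted host {src_ip}"]
    node, commands = policy
    findings = []
    if frame.sa1 != node:
        findings.append(f"SA1 {frame.sa1} does not match node {node} bound to {src_ip}")
    if frame.command not in commands:
        findings.append("command %02X%02X not permitted for %s" % (*frame.command, src_ip))
    return findings
```

A check like this cannot see a frame replayed with a forged source IP address, so it complements network segmentation of the PLC rather than replacing it.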

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.