Resource exhaustion in Omron PLC CJ series

#VU25759 Resource exhaustion in Omron PLC CJ series

Published: 2020-03-04

Vulnerability identifier: #VU25759

Vulnerability risk: Medium

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2020-6986

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Omron PLC CJ series
Hardware solutions / Other hardware appliances

Vendor: Omron

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource management in excessive malformed packet processing. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack on the PLC service.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Omron PLC CJ series: All versions

External links
http://ics-cert.us-cert.gov/advisories/icsa-20-063-03
http://www.omron-cxone.com/security/2020-02-28_PLC_EN.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Omron PLC CJ Series