CVE-2019-13533

Published Dec 16, 2019

Last updated 5 years ago

CVSS high 8.1

Overview

Description: In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.3
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-294
ics-cert@hq.dhs.gov: CWE-294

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omron:plc_cj_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AF2C347-B4A7-4505-98A4-AFDCB1FCD386"
          },
          {
            "criteria": "cpe:2.3:o:omron:plc_cs_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF9CD76C-F6E9-4E01-A039-4049B706DD92"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References