Unrated severityNVD Advisory· Published Jul 24, 2014· Updated May 6, 2026

CVE-2014-2370

Description

Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.

Affected products

Omron/Ns Series System Program Firmware2 versions
cpe:2.3:o:omron:ns_series_system_program_firmware:8.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:omron:ns_series_system_program_firmware:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:omron:ns_series_system_program_firmware:8.68:*:*:*:*:*:*:*
Omron/Ns10 Hmi Terminal
cpe:2.3:h:omron:ns10_hmi_terminal:-:*:*:*:*:*:*:*
Omron/Ns12 Hmi Terminal
cpe:2.3:h:omron:ns12_hmi_terminal:-:*:*:*:*:*:*:*
Omron/Ns15 Hmi Terminal
cpe:2.3:h:omron:ns15_hmi_terminal:-:*:*:*:*:*:*:*
Omron/Ns5 Hmi Terminal
cpe:2.3:h:omron:ns5_hmi_terminal:-:*:*:*:*:*:*:*
Omron/Ns8 Hmi Terminal
cpe:2.3:h:omron:ns8_hmi_terminal:-:*:*:*:*:*:*:*
Omron/NS15v5
Range: 8.1xx
Omron/NS12v5
Range: 8.1xx
Omron/NS10v5
Range: 8.1xx
Omron/NS8v5
Range: 8.1xx
Omron/NS5v5
Range: 8.1xx

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

ics-cert.us-cert.gov/advisories/ICSA-14-203-01nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/68836nvd
automation.omron.com/en/us/products/nvd
www.cisa.gov/news-events/ics-advisories/icsa-14-203-01nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000