CVE-2019-18269
Description
Omron CS and CJ series PLCs contain an unrestricted externally accessible lock vulnerability allowing remote attackers to obtain PLC status information without authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
All versions of Omron's CS and CJ series PLCs, as well as the NX1P2 series, are affected by an unrestricted externally accessible lock vulnerability (CWE-412). This flaw allows an attacker to remotely interact with the PLC's lock mechanism via the FINS port (default TCP 9600) without any authentication or special conditions [1].
Exploitation
An attacker with network access to the PLC can exploit this vulnerability remotely, and doing so requires only a low skill level. No authentication or user interaction is required. By sending specially crafted packets to the FINS port, the attacker can bypass the lock and gain unauthorized access to the PLC's status information [1].
Impact
Successful exploitation allows an attacker to pose as an authorized user and obtain status information of the PLC. This affects confidentiality and integrity at a low level, but availability at a high level, as reflected in the CVSS v3 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) [1].
Mitigation
Omron recommends mitigating the vulnerability by using a firewall to filter access to the FINS port (default 9600) and blocking unnecessary remote access, as well as filtering IP addresses to restrict which devices can connect to the PLC. No software patch has been released as of the advisory date. CISA additionally recommends defensive measures to minimize risk [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: all versions
- Omron/Omron PLC CS series (v5), range: all versions
- Omron/Omron PLC NX1P2 series (v5), range: all versions
Patches
No patches discovered yet.
References
- www.us-cert.gov/ics/advisories/icsa-19-346-02 (nvd; Third Party Advisory; US Government Resource)
- www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf (nvd)