CVE-2020-6986
Description
An uncontrolled resource consumption vulnerability in Omron PLC CJ Series allows remote attackers to cause denial of service by sending specific data packets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An uncontrolled resource consumption vulnerability in Omron PLC CJ Series allows remote attackers to cause denial of service by sending specific data packets.
Vulnerability
All versions of Omron PLC CJ Series (all versions) are affected by an uncontrolled resource consumption vulnerability (CWE-400). An attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which results in a denial of service condition. [1]
Exploitation
The vulnerability is exploitable remotely with low skill level. No authentication is required. The attacker sends a series of specific data packets to the PLC Ethernet module over the network. The attack does not require user interaction. [1]
Impact
Successful exploitation causes a denial of service condition on the PLC, rendering it unavailable. The CVSS v3 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). No confidentiality or integrity impact. [1]
Mitigation
Omron recommends filtering access to the FINS port (default 9600) and filtering IP addresses to restrict connections to the PLC. Additionally, CISA advises minimizing network exposure, placing control system networks behind firewalls, and using VPNs for remote access. No software patch is mentioned; the mitigations are network-level. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Omron/PLC CJ Seriesdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- www.us-cert.gov/ics/advisories/icsa-20-063-03nvdMitigationThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.