CJ-series PLCs
by Omron
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18269 | Cri | 0.64 | 9.8 | 0.00 | Dec 16, 2019 | Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | ||
| CVE-2019-13533 | Hig | 0.53 | 8.1 | 0.00 | Dec 16, 2019 | In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | ||
| CVE-2020-6986 | Hig | 0.49 | 7.5 | 0.01 | Mar 5, 2020 | In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result. | ||
| CVE-2022-45794 | 0.00 | — | 0.00 | Jan 10, 2024 | An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. | |||
| CVE-2022-31205 | 0.00 | — | 0.00 | Jul 26, 2022 | In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication. | |||
| CVE-2022-31204 | 0.00 | — | 0.00 | Jul 26, 2022 | Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads… | |||
| CVE-2019-18261 | 0.00 | — | 0.00 | Dec 16, 2019 | In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to… | |||
| CVE-2019-18259 | 0.00 | — | 0.00 | Dec 16, 2019 | In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands. |
- risk 0.64cvss 9.8epss 0.00
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
- risk 0.53cvss 8.1epss 0.00
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
- risk 0.49cvss 7.5epss 0.01
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result.
- CVE-2022-45794Jan 10, 2024risk 0.00cvss —epss 0.00
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card.
- CVE-2022-31205Jul 26, 2022risk 0.00cvss —epss 0.00
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
- CVE-2022-31204Jul 26, 2022risk 0.00cvss —epss 0.00
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads…
- CVE-2019-18261Dec 16, 2019risk 0.00cvss —epss 0.00
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to…
- CVE-2019-18259Dec 16, 2019risk 0.00cvss —epss 0.00
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.