External risk intelligence

Omron CX-Programmer and PLC Information Disclosure Risk.

CVE advisory

Severity: CRITICAL (CVSS 10.0)

CVE-2015-0987

Flaws in Omron CX-Programmer software and certain PLC devices allow attackers to obtain sensitive information by intercepting unencrypted passwords transmitted over the network. This can lead to unauthorized access and potential disruption of industrial operations, posing a risk to operational technology systems and se

2Halo Surface Signal

Information Disclosure

Omron Cx Programmer

9.5 and earlier, 1.4 and earlier, 2.0 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2015-0987

The affected products are industrial control software and Programmable Logic Controllers (PLCs). These components are typically deployed within isolated industrial or operational technology networks and are not intended to be directly exposed to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

The identified flaw impacts industrial control systems that use Omron CX-One CX-Programmer software and CJ2M or CJ2H PLC devices. The affected components transmit passwords in cleartext, making them susceptible to unauthorized access and potential manipulation. This could disrupt industrial operations and expose sensitive control system data.

  • Vulnerable Omron industrial software and devices
  • Cleartext password transmission flaw
  • Unauthorized access to sensitive data

Attack Path

How an attacker could exploit the issue

Omron CX-One software and certain PLC devices transmit passwords in cleartext over the network. An attacker who can sniff that traffic during an unlock request can obtain this sensitive information. Exploiting the vulnerability could lead to unauthorized access and control over industrial systems.

  • Network exposure required.
  • Attackers sniff network traffic.
  • Trigger unlock, obtain credentials.

Live Threat

Current exploitation, exposure, and threat context

Because passwords are transmitted in cleartext over the network during an unlock request, a remote attacker can obtain sensitive information by sniffing that traffic. Exploitation could expose credentials, potentially leading to unauthorized system access. The business risk is associated with unauthorized access and potential disruption of operational technology systems.

  • Attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: High

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability relates to password transmission methods in specific Omron products, potentially allowing unauthorized access to sensitive information. The primary risk stems from network sniffing during unlock requests, which could expose credentials. This could impact operational technology systems by enabling unauthorized control or access.

  • Identify affected Omron CX-Programmer, CJ2M, and CJ2H PLC devices.
  • Reduce exposure by isolating affected systems.
  • Apply vendor fixes, verify implementation, and monitor network traffic.
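
The identify and isolate steps above can be checked against an asset inventory and a flow-log export. The following is an added example, not code from Omron or from this advisory: it flags assets at or below the affected versions and lists hosts outside the approved set that were seen sending traffic to them. The pairing of each version with a product, the decimal version comparison, the CSV layouts and all addresses are assumptions made for the example.

```python
import csv
import io
from decimal import Decimal
from ipaddress import ip_address

# Highest affected version per product. The version numbers are the page's;
# pairing each with a product is an assumption of this example.
MAX_AFFECTED = {"CX-Programmer": Decimal("9.5"), "CJ2H": Decimal("1.4"),
                "CJ2M": Decimal("2.0")}
APPROVED_PEERS = {ip_address("10.20.0.100")}  # engineering workstation (assumed)

# Constructed sample data: an asset inventory and a flow-log export.
INVENTORY = """ip,product,version
10.20.0.11,CJ2M,2.0
10.20.0.12,CJ2H,1.5
10.20.0.13,CJ2H,1.4
10.20.0.100,CX-Programmer,9.5
"""
FLOWS = """src,dst
10.20.0.100,10.20.0.11
10.20.0.57,10.20.0.11
192.0.2.44,10.20.0.13
10.20.0.57,10.20.0.12
"""


def affected_assets(inventory_csv):
    """Return {ip: (product, version)} for assets at or below an affected version."""
    hits = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        limit = MAX_AFFECTED.get(row["product"])
        # Assumption: vendor versions compare as decimal numbers.
        if limit is not None and Decimal(row["version"]) <= limit:
            hits[ip_address(row["ip"])] = (row["product"], row["version"])
    return hits


def unapproved_peers(flows_csv, assets):
    """Map each affected asset to the unapproved hosts seen sending traffic to it."""
    exposure = {ip: set() for ip in assets}
    for row in csv.DictReader(io.StringIO(flows_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        if dst in exposure and src not in APPROVED_PEERS:
            exposure[dst].add(src)
    return exposure


if __name__ == "__main__":
    assets = affected_assets(INVENTORY)
    for ip, peers in unapproved_peers(FLOWS, assets).items():
        print(ip, *assets[ip], sorted(map(str, peers)) or "no unapproved peers")
```

Any host listed against an affected asset sits on a network path where the cleartext unlock traffic could be observed, so it is a candidate for tighter segmentation until the vendor fix is applied and verified.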

Frequently asked questions

What is Omron CX-Programmer and what are CJ2M/CJ2H PLCs?

Omron CX-Programmer is software for programming and managing Omron PLCs. CJ2M and CJ2H PLCs are industrial computers used to control automated manufacturing processes and machinery.

What is the weakness class for CVE-2015-0987?

This vulnerability is classified as CWE-319, which involves cleartext transmission of sensitive information. Passwords are sent unencrypted, making them visible to network sniffers.

How can an attacker exploit CVE-2015-0987?

An attacker with network access can sniff traffic during a PLC unlock request to obtain sensitive information transmitted in cleartext. This could lead to unauthorized access.

What is the relevance of CVE-2015-0987 to industrial systems?

This vulnerability affects Omron CX-One CX-Programmer software and CJ2M/CJ2H PLCs. It poses a risk to operational technology systems by allowing unauthorized access to sensitive data and potential disruption of industrial operations. The Halo Surface Signal assesses this as unlikely to be exploited in the wild due to the nature of the affected systems.

What steps can be taken to mitigate CVE-2015-0987?

Identify affected Omron CX-Programmer, CJ2M, and CJ2H PLC devices. Isolate these systems to reduce exposure. Apply vendor-provided fixes when available, confirm their implementation, and monitor network traffic for suspicious activity.
