CVE-2019-13533 - OpenCVE

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Omron	Plc Cs Firmware Plc Cj Firmware

Configuration 1 [-]

OR	cpe:2.3:o:omron:plc_cj_firmware::::::::
	cpe:2.3:o:omron:plc_cs_firmware::::::::

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-19-346-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-12-16T19:25:00

Updated: 2019-12-16T19:25:00

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13533

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-12-16T20:15:14.743

Modified: 2020-01-02T19:53:22.337

Link: CVE-2019-13533

JSON object: View

Redhat Information

No data.

CWE

CWE-294

{"containers": {"cna": {"affected": [{"product": "Omron PLC CJ and CS Series", "vendor": "n/a", "versions": [{"status": "affected", "version": "Omron PLC CJ series, all versions, Omron PLC CS series, all versions"}]}], "descriptions": [{"lang": "en", "value": "In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-12-16T19:25:00", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Omron PLC CJ and CS Series", "version": {"version_data": [{"version_value": "Omron PLC CJ series, all versions, Omron PLC CS series, all versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13533", "datePublished": "2019-12-16T19:25:00", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2019-12-16T19:25:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:omron:plc_cj_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AF2C347-B4A7-4505-98A4-AFDCB1FCD386", "vulnerable": true}, {"criteria": "cpe:2.3:o:omron:plc_cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF9CD76C-F6E9-4E01-A039-4049B706DD92", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves."}, {"lang": "es", "value": "En el Omron PLC CJ series, todas las versiones, y el Omron PLC CS series, todas las versiones, un atacante podr\u00eda monitorear el tr\u00e1fico entre el PLC y el controlador y reproducir las peticiones que podr\u00edan resultar en la apertura y cierre de v\u00e1lvulas industriales."}], "id": "CVE-2019-13533", "lastModified": "2020-01-02T19:53:22.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.3, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-16T20:15:14.743", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-294"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}