CVE-2015-1015

Name of the Vulnerable Software and Affected Versions Omron CX-One CX-Programmer versions prior to 9.6 Omron CJ2M PLC devices versions prior to 2.1 Omron CJ2H PLC devices versions prior to 1.5

Description The issue is related to the reversibility of the password encoding method in the CX-Programmer development environment, part of the CX-One software suite used for programming and configuring Omron PLCs, and the firmware of Omron CJ2M and CJ2H PLC devices. This could allow a remote attacker to obtain the access password to the controller by reading the source code of control program files directly from the controller.

Recommendations For Omron CX-One CX-Programmer versions prior to 9.6, update to version 9.6 or later. For Omron CJ2M PLC devices versions prior to 2.1, update to version 2.1 or later. For Omron CJ2H PLC devices versions prior to 1.5, update to version 1.5 or later.