PT-2015-3352 · Omron · Cx-One+3
Published
2015-10-01
·
Updated
2015-10-06
·
CVE-2015-1015
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Omron CX-One CX-Programmer versions prior to 9.6
Omron CJ2M PLC devices versions prior to 2.1
Omron CJ2H PLC devices versions prior to 1.5
Description
The issue is related to the reversibility of the password encoding method in the CX-Programmer development environment, part of the CX-One software suite used for programming and configuring Omron PLCs, and the firmware of Omron CJ2M and CJ2H PLC devices. This could allow a remote attacker to obtain the access password to the controller by reading the source code of control program files directly from the controller.
Recommendations
For Omron CX-One CX-Programmer versions prior to 9.6, update to version 9.6 or later.
For Omron CJ2M PLC devices versions prior to 2.1, update to version 2.1 or later.
For Omron CJ2H PLC devices versions prior to 1.5, update to version 1.5 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cj2H Plc
Cj2M Plc
Cx-One
Cx-Programmer