PT-2019-15303 · Omron · Omron Plc Cj Series

Published

2019-12-16

Updated

2019-12-27

CVE-2019-18261

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Omron PLC CS series, all versions Omron PLC CJ series, all versions Omron PLC NJ series, all versions

Description The software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Recommendations For Omron PLC CS series, all versions, implement rate limiting or account lockout policies to prevent brute force attacks. For Omron PLC CJ series, all versions, consider adding a time delay between failed login attempts to slow down the attack process. For Omron PLC NJ series, all versions, restrict access to the authentication mechanism to minimize the risk of exploitation.

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

CVE-2019-18261

Affected Products

Omron Plc Cj Series

PT-2019-15303 · Omron · Omron Plc Cj Series

CVE-2019-18261

Weakness Enumeration

Related Identifiers

Affected Products

References · 2