CVE-2019-18269
9.8 CRITICALOmron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability
Published: 2019-12-16 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-412
Affected products
| Vendor | Product |
|---|---|
| omron | plc_cj_firmware, plc_cs_firmware |
Description
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2019-18269
- [Other]https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf
- [Other]https://www.us-cert.gov/ics/advisories/icsa-19-346-02
- [Other]https://www.omron-cxone.com/security/2019-12-06_PLC_EN.pdf
- [Other]https://www.us-cert.gov/ics/advisories/icsa-19-346-02
Related CVEs
Same vendor
- CVE-2022-34151 — Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine auto... (8.1 HIGH)
- CVE-2022-33971 — Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Ma... (7.5 HIGH)
- CVE-2020-6986 — In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service e... (7.5 HIGH)
- CVE-2019-13533 — In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the co... (8.1 HIGH)
- CVE-2015-0987 — Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmissi... (10.0 CRITICAL)