CVE-2015-0987
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
Omron CX-One CX-Programmer en versiones anteriores a 9.6, dispositivos CJ2M PLC en versiones anteriores a 2.1 y dispositivos CJ2H PLC en versiones anteriores a 1.5 confían en la transmisión de contraseña en texto plano, lo que permite a atacantes remotos obtener información sensible rastreando la red durante una petición de PLC de desbloqueo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-10 CVE Reserved
- 2015-10-03 CVE Published
- 2023-07-26 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Omron Search vendor "Omron" | Cx-programmer Search vendor "Omron" for product "Cx-programmer" | <= 9.5 Search vendor "Omron" for product "Cx-programmer" and version " <= 9.5" | - |
Affected
| ||||||
| Omron Search vendor "Omron" | Cj2h Plc Search vendor "Omron" for product "Cj2h Plc" | <= 1.4 Search vendor "Omron" for product "Cj2h Plc" and version " <= 1.4" | - |
Affected
| ||||||
| Omron Search vendor "Omron" | Cj2m Plc Search vendor "Omron" for product "Cj2m Plc" | <= 2.0 Search vendor "Omron" for product "Cj2m Plc" and version " <= 2.0" | - |
Affected
| ||||||