CVE-2020-6986

In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-20-063-03	Mitigation Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:omron:plc_cj1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:plc_cj1:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:omron:plc_cj2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:omron:plc_cj2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-05 21:15

Updated : 2020-03-09 18:33

NVD link : CVE-2020-6986

Mitre link : CVE-2020-6986

CVE.ORG link : CVE-2020-6986

JSON object : View

Products Affected

omron

plc_cj2_firmware
plc_cj1_firmware
plc_cj2
plc_cj1

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2020-6986", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-03-05T21:15:10.673", "references": [{"url": "https://www.us-cert.gov/ics/advisories/icsa-20-063-03", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in turn causes a PLC service denied result."}, {"lang": "es", "value": "En todas las versiones de Omron PLC CJ Series, un atacante puede enviar una serie de paquetes de datos espec\u00edficos dentro de un per\u00edodo corto de tiempo, causando un error de servicio en el m\u00f3dulo Ethernet del PLC, lo que a su vez causa un resultado de denegaci\u00f3n de servicio del PLC."}], "lastModified": "2020-03-09T18:33:53.263", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:plc_cj1_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0B96FC0-A8AC-4AB8-BE27-49BF58E51C21"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:plc_cj1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "226EF09B-E67A-4AC4-81F1-38D16946FBD9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:omron:plc_cj2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD9D412C-23D5-45B6-A97D-9DC6A7179819"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:omron:plc_cj2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7A3BA17B-E014-49B9-959E-9C0F4C4F2DFC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}