Rewterz threat Advisory – CVE-2019-18257 – Advantech DiagAnywhere Server Remote Code Execution Vulnerability
December 13, 2019Rewterz Threat Advisory – CVE-2019-18261 – ICS: Omron PLC CJ, CS and NJ Series Improper Limitation of suspicious failed logins
December 13, 2019Rewterz threat Advisory – CVE-2019-18257 – Advantech DiagAnywhere Server Remote Code Execution Vulnerability
December 13, 2019Rewterz Threat Advisory – CVE-2019-18261 – ICS: Omron PLC CJ, CS and NJ Series Improper Limitation of suspicious failed logins
December 13, 2019Severity
High
Analysis Summary
CVE-2019-18259
An attacker could spoof arbitrary messages or execute commands.
CVE-2019-13533
An attacker could monitor traffic between the PLC and the controller, and replay requests that could result in the opening and closing of industrial valves.
CVE-2019-18269
The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
Impact
- Authentication Bypass by Spoofing
- Authentication Bypass by Capture-replay
- Unrestricted Externally Accessible Lock
Affected Vendors
Omron
Affected Products
- Omron PLC CJ series all versions
- Omron PLC CS series all versions
Remediation
- Filter FINS port: Protect access to Omron’s PLC with a firewall and blocking unnecessary remote access to FINS port (default: 9600).
- Filter IP addresses: Protect access to Omron’s PLC with a firewall and filtering devices connected to the PLC by IP address.