CyberSec.Space Logo
Back to CVE Browser

CVE-2015-0987

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile15.86th
PublishedOct 6, 2015
Last ModifiedJun 2, 2026

Vulnerability Description

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

Affected Platforms (CPE)

πŸ“¦
Omron

Cx Programmer

<= 9.5
πŸ”Œ
Omron

Cj2h Plc

<= 1.4
πŸ”Œ
Omron

Cj2m Plc

<= 2.0

References & Advisories

πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01
πŸ”— https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01

Related Vulnerabilities

CVE-2016-934310.0

An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all...

CVE-2012-469710.0

TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have hardcoded accounts, which allows remote attackers to obtain adm...

CVE-2017-78989.8

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix ...

CVE-2017-79029.8

A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable...