CVE-2015-0987

EPSS 1.16%
Veröffentlicht 06.10.2015 01:59:03
Zuletzt bearbeitet 02.06.2026 21:16:20
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Omron ≫ Cx-programmer Version <= 9.5

Omron ≫ Cj2h Plc Version <= 1.4

Omron ≫ Cj2m Plc Version <= 2.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.16%	0.631

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-0987

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0987

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0987

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-0987