CVE-2019-18261
CRITICALOmron PLC CS, CJ, and NJ Firmware - Improper Restriction of Excessive Authentication Attempts
Title source: llmDescription
In Omron PLC CS series, all versions, Omron PLC CJ series, all versions, and Omron PLC NJ series, all versions, the software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-346-03
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
66.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-307
Status
published
Products (3)
omron/plc_cj_firmware
omron/plc_cs_firmware
omron/plc_nj_firmware
Published
Dec 16, 2019
Tracked Since
Feb 18, 2026