Details of VAR-201510-0444

ID

VAR-201510-0444

CVE

CVE-2015-0988

TITLE

Omron CX-One CX-Programmer Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 708c9dfe-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201510-029

DESCRIPTION

Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. Multiple Omron Corporation Products are prone to multiple local information-disclosure vulnerabilities A local attacker can exploit these issues to obtain sensitive information or cause a denial-of-service vulnerability. The following products are vulnerable: Versions prior to CX-Programmer software 9.6 Versions prior to CJ2M Series PLC 2.1 Versions prior to CJ2H Series PLC 1.5. Omron CX-One CX-Programmer is a set of programs used to configure programmable devices produced by Omron Corporation of Japan

Trust: 2.25

sources: NVD: CVE-2015-0988 // JVNDB: JVNDB-2015-005093 // BID: 76936 // IVD: 708c9dfe-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-78934 // VULMON: CVE-2015-0988

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 708c9dfe-2351-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	omron	model:	cx-programmer	scope:	lte	version:	9.5	Trust: 1.0
vendor:	omron	model:	cx-programmer	scope:	lt	version:	9.6	Trust: 0.8
vendor:	omron	model:	cx-programmer	scope:	eq	version:	9.5	Trust: 0.6
vendor:	omron	model:	cx-programmer software	scope:	eq	version:	0	Trust: 0.3
vendor:	omron	model:	cj2m series plc	scope:	eq	version:	0	Trust: 0.3
vendor:	omron	model:	cj2h series plc	scope:	eq	version:	0	Trust: 0.3
vendor:	omron	model:	cx-programmer software	scope:	ne	version:	9.6	Trust: 0.3
vendor:	omron	model:	cj2m series plc	scope:	ne	version:	2.1	Trust: 0.3
vendor:	omron	model:	cj2h series plc	scope:	ne	version:	1.5	Trust: 0.3
vendor:	cx programmer	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 708c9dfe-2351-11e6-abef-000c29c66e3d // BID: 76936 // JVNDB: JVNDB-2015-005093 // CNNVD: CNNVD-201510-029 // NVD: CVE-2015-0988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0988
value:	LOW
Trust: 1.0
NVD:	CVE-2015-0988
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201510-029
value:	LOW
Trust: 0.6
IVD:	708c9dfe-2351-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
VULHUB:	VHN-78934
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-0988
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-0988
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IVD:	708c9dfe-2351-11e6-abef-000c29c66e3d
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-78934
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 708c9dfe-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-78934 // VULMON: CVE-2015-0988 // JVNDB: JVNDB-2015-005093 // CNNVD: CNNVD-201510-029 // NVD: CVE-2015-0988

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-78934 // JVNDB: JVNDB-2015-005093 // NVD: CVE-2015-0988

THREAT TYPE

local

Trust: 0.9

sources: BID: 76936 // CNNVD: CNNVD-201510-029

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201510-029

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005093

PATCH

title:	CX-Programmer	url:	https://industrial.omron.us/en/products/catalogue/automation_systems/software/programming/cx-one/default.html	Trust: 0.8
title:	【お知らせ】弊社プログラマブルコントローラ CJシリーズの「UM読出プロテクト機能」に使用しているパスワード保護機能の強化について	url:	http://www.fa.omron.co.jp/product/special/security_plc/index.html	Trust: 0.8
title:	Omron CX-One CX-Programmer Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57887	Trust: 0.6

sources: JVNDB: JVNDB-2015-005093 // CNNVD: CNNVD-201510-029

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0988	Trust: 3.1
db:	ICS CERT	id:	ICSA-15-274-01	Trust: 2.9
db:	CNNVD	id:	CNNVD-201510-029	Trust: 0.9
db:	JVN	id:	JVNVU99817917	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-005093	Trust: 0.8
db:	BID	id:	76936	Trust: 0.4
db:	IVD	id:	708C9DFE-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-78934	Trust: 0.1
db:	VULMON	id:	CVE-2015-0988	Trust: 0.1

sources: IVD: 708c9dfe-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-78934 // VULMON: CVE-2015-0988 // BID: 76936 // JVNDB: JVNDB-2015-005093 // CNNVD: CNNVD-201510-029 // NVD: CVE-2015-0988

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-274-01	Trust: 2.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0988	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99817917/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0988	Trust: 0.8
url:	https://industrial.omron.us/en/home	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-15-274-01	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/76936	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/windows-hotfix-ms16-036	Trust: 0.1

sources: VULHUB: VHN-78934 // VULMON: CVE-2015-0988 // BID: 76936 // JVNDB: JVNDB-2015-005093 // CNNVD: CNNVD-201510-029 // NVD: CVE-2015-0988

CREDITS

Stephen Dunlap

Trust: 0.3

sources: BID: 76936

SOURCES

db:	IVD	id:	708c9dfe-2351-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-78934
db:	VULMON	id:	CVE-2015-0988
db:	BID	id:	76936
db:	JVNDB	id:	JVNDB-2015-005093
db:	CNNVD	id:	CNNVD-201510-029
db:	NVD	id:	CVE-2015-0988

LAST UPDATE DATE

2024-11-23T21:43:44.181000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78934	date:	2015-10-06T00:00:00
db:	VULMON	id:	CVE-2015-0988	date:	2015-10-06T00:00:00
db:	BID	id:	76936	date:	2015-10-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-005093	date:	2015-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201510-029	date:	2015-10-09T00:00:00
db:	NVD	id:	CVE-2015-0988	date:	2024-11-21T02:24:05.417

SOURCES RELEASE DATE

db:	IVD	id:	708c9dfe-2351-11e6-abef-000c29c66e3d	date:	2015-10-09T00:00:00
db:	VULHUB	id:	VHN-78934	date:	2015-10-06T00:00:00
db:	VULMON	id:	CVE-2015-0988	date:	2015-10-06T00:00:00
db:	BID	id:	76936	date:	2015-10-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-005093	date:	2015-10-07T00:00:00
db:	CNNVD	id:	CNNVD-201510-029	date:	2015-10-09T00:00:00
db:	NVD	id:	CVE-2015-0988	date:	2015-10-06T01:59:04.970