CVE-2015-0987

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

critical 10.0 CVSS 3.1
Published: Oct 6, 2015
Modified: Jun 2, 2026
Vendor: Omron
Product: Cx-Programmer

Description

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

References

Related CVEs

CVE-2022-33971 high · 7.5
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all
CVE-2022-34151 high · 8.1
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.
CVE-2020-6986 high · 7.5
In all versions of Omron PLC CJ Series, an attacker can send a series of specific data packets within a short period, causing a service error on the PLC Ethernet module, which in t
CVE-2019-18269 critical · 9.8
Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
CVE-2019-13533 high · 8.1
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could res