What is the severity of CVE-2015-0987?

CVE-2015-0987 is considered a high-severity vulnerability due to the risk of unauthorized access to sensitive information through cleartext password transmission.

How do I fix CVE-2015-0987?

To fix CVE-2015-0987, it is recommended to upgrade Omron CX-Programmer to version 9.6 or later, and CJ2M and CJ2H PLC devices to their respective secure versions.

What software is affected by CVE-2015-0987?

CVE-2015-0987 affects Omron CX-Programmer versions prior to 9.6, CJ2M PLC devices before version 2.1, and CJ2H PLC devices before version 1.5.

What type of attack does CVE-2015-0987 allow?

CVE-2015-0987 allows remote attackers to perform sniffing attacks to intercept cleartext passwords during PLC unlock requests.

Is encryption relevant to CVE-2015-0987?

Yes, the vulnerability is significant because it relies on the absence of encryption for password transmission, making it susceptible to interception.

Vulnerability/
CVE-2015-0987

medium

CWE

200

3/10/2015

6/8/2024

CVE-2015-0987: Infoleak

First published: Sat Oct 03 2015(Updated: )

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Omron SYSMAC CX-Programmer	<=9.5
Omron CJ2H PLC	<=1.4
Omron CJ2	<=2.0

Never miss a vulnerability like this again

Reference Links

https://ics-cert.us-cert.gov/advisories/ICSA-15-274-01

Frequently Asked Questions

What is the severity of CVE-2015-0987?
CVE-2015-0987 is considered a high-severity vulnerability due to the risk of unauthorized access to sensitive information through cleartext password transmission.
How do I fix CVE-2015-0987?
To fix CVE-2015-0987, it is recommended to upgrade Omron CX-Programmer to version 9.6 or later, and CJ2M and CJ2H PLC devices to their respective secure versions.
What software is affected by CVE-2015-0987?
CVE-2015-0987 affects Omron CX-Programmer versions prior to 9.6, CJ2M PLC devices before version 2.1, and CJ2H PLC devices before version 1.5.
What type of attack does CVE-2015-0987 allow?
CVE-2015-0987 allows remote attackers to perform sniffing attacks to intercept cleartext passwords during PLC unlock requests.
Is encryption relevant to CVE-2015-0987?
Yes, the vulnerability is significant because it relies on the absence of encryption for password transmission, making it susceptible to interception.

agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/severity
agent/last-modified-date
agent/author
agent/first-publish-date
agent/event
agent/description
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/omron
canonical/omron sysmac cx-programmer
version/omron sysmac cx-programmer/9.5
canonical/omron cj2h plc
version/omron cj2h plc/1.4
canonical/omron cj2
version/omron cj2/2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.