Omron NS HMIs 8.1xx <= 8.68x CSRF

medium Nessus Network Monitor Plugin ID 720046

Synopsis

A cross-site request forgery (CSRF) vulnerability in the web application on Omron NS HMI terminals allows hijacking of authenticated sessions.

Description

Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-14-203-01

http://ics-cert.us-cert.gov/advisories/ICSA-14-203-01

Plugin Details

Severity: Medium

ID: 720046

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

Patch Publication Date: 7/22/2014

Vulnerability Publication Date: 7/22/2014

Reference Information

CVE: CVE-2014-2369