CVE-2014-2369

EUVD-2014-2406
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
omronns_series_system_program_firmware
8.1
omronns_series_system_program_firmware
8.68
omronns10_hmi_terminal
-
omronns12_hmi_terminal
-
omronns15_hmi_terminal
-
omronns5_hmi_terminal
-
omronns8_hmi_terminal
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://automation.omron.com/en/us/products/
https://www.cisa.gov/news-events/ics-advisories/icsa-14-203-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-203-01