CVE-2014-2369

2014-07-2414:55:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2014-2369

csrf vulnerability

omron

hmi terminals

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.3%

JSON

Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Affected configurations

NVD

Node

omronns_series_system_program_firmwareMatch8.1

omronns_series_system_program_firmwareMatch8.68

AND

omronns10_hmi_terminalMatch-

omronns12_hmi_terminalMatch-

omronns15_hmi_terminalMatch-

omronns5_hmi_terminalMatch-

omronns8_hmi_terminalMatch-

CPENameOperatorVersion
omron:ns_series_system_program_firmwareomron ns series system program firmwareeq8.1
omron:ns_series_system_program_firmwareomron ns series system program firmwareeq8.68
omron:ns10_hmi_terminalomron ns10 hmi terminaleq-
omron:ns12_hmi_terminalomron ns12 hmi terminaleq-
omron:ns15_hmi_terminalomron ns15 hmi terminaleq-
omron:ns5_hmi_terminalomron ns5 hmi terminaleq-
omron:ns8_hmi_terminalomron ns8 hmi terminaleq-

CPE	Name	Operator	Version
omron:ns_series_system_program_firmware	omron ns series system program firmware	eq	8.1
omron:ns_series_system_program_firmware	omron ns series system program firmware	eq	8.68
omron:ns10_hmi_terminal	omron ns10 hmi terminal	eq	-
omron:ns12_hmi_terminal	omron ns12 hmi terminal	eq	-
omron:ns15_hmi_terminal	omron ns15 hmi terminal	eq	-
omron:ns5_hmi_terminal	omron ns5 hmi terminal	eq	-
omron:ns8_hmi_terminal	omron ns8 hmi terminal	eq	-