Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Omron | Ns Series System Program Firmware | 8.1 |
| Omron | Ns10 Hmi Terminal | - |
| Omron | Ns12 Hmi Terminal | - |
| Omron | Ns15 Hmi Terminal | - |
| Omron | Ns5 Hmi Terminal | - |
| Omron | Ns8 Hmi Terminal | - |
Related Weaknesses (CWE)
References
- https://automation.omron.com/en/us/products/
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-203-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-203-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2014-2369?
CVE-2014-2369 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authent...
How severe is CVE-2014-2369?
CVE-2014-2369 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2369?
Check the references section above for vendor advisories and patch information. Affected products include: Omron Ns Series System Program Firmware, Omron Ns10 Hmi Terminal, Omron Ns12 Hmi Terminal, Omron Ns15 Hmi Terminal, Omron Ns5 Hmi Terminal.