cbcvebase.
CVE-2015-0987
published 2015-10-06

CVE-2015-0987: Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows…

PriorityP350critical10CVSS 3.1
AVNACLPRNUINSCCHILAH
EPSS
1.16%
63.2th percentile
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.

Affected

3 ranges
VendorProductVersion rangeFixed in
omroncj2h_plc<= 1.4
omroncj2m_plc<= 2.0
omroncx-programmer<= 9.5

CVSS provenance

nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.