CVE-2015-0987
published 2015-10-06CVE-2015-0987: Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows…
PriorityP350critical10CVSS 3.1
AVNACLPRNUINSCCHILAH
EPSS
1.16%
63.2th percentile
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| omron | cj2h_plc | <= 1.4 | — |
| omron | cj2m_plc | <= 2.0 | — |
| omron | cx-programmer | <= 9.5 | — |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC PLC Unlock information disclosure (SBV-53997 / BID-76938)
vuldb·2026-06-03·CVSS 10.0
CVE-2015-0987 [CRITICAL] Omron CX-One CX-Programmer/CJ2M PLC/CJ2H PLC PLC Unlock information disclosure (SBV-53997 / BID-76938)
A vulnerability, which was classified as problematic, was found in Omron CX-One CX-Programmer, CJ2M PLC and CJ2H PLC. The impacted element is an unknown function of the component PLC Unlock Handler. Such manipulation leads to information disclosure.
This vulnerability is documented as CVE-2015-0987. The attack can be executed remotely. There is not any exploit available.
You should upgrade the affected component.
GHSA
GHSA-pjf3-6cr6-cfg3: Omron CX-One CX-Programmer before 9
ghsa_unreviewed·2022-05-17
CVE-2015-0987 [MEDIUM] CWE-200 GHSA-pjf3-6cr6-cfg3: Omron CX-One CX-Programmer before 9
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
CISA ICS
Omron Multiple Product Vulnerabilities
cisa_ics·2019-01-31
Omron Multiple Product Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Omron Multiple Product Vulnerabilities
Last RevisedJanuary 31, 2019
Alert CodeICSA-15-274-01
## OVERVIEW
Air Force Institute of Technology researcher Stephen Dunlap has identified vulnerabilities in Omron Corporation’s CX-Programmer software, CJ2M series programmable logic controller (PLC), and CJ2H series PLC. Omron Corporation has produced new versions that mitigate these vulnerabilities.
One of the three vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following Omron Corporation products are affected:
- CX-Programmer software, versions prior to Versi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-10-06
Published