{"api_version":"1","generated_at":"2026-06-05T05:33:19+00:00","cve":"CVE-2019-13533","urls":{"html":"https://cve.report/CVE-2019-13533","api":"https://cve.report/api/cve/CVE-2019-13533.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-13533","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-13533"},"summary":{"title":"CVE-2019-13533","description":"In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.","state":"PUBLISHED","assigner":"icscert","published_at":"2019-12-16 20:15:14","updated_at":"2026-06-02 21:16:23"},"problem_types":["CWE-294","CWE-294 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"}},{"version":"3.1","source":"ADP","type":"DECLARED","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"8.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://www.us-cert.gov/ics/advisories/icsa-19-346-02","name":"https://www.us-cert.gov/ics/advisories/icsa-19-346-02","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Omron PLC CJ and CS Series (Update B) | CISA","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-13533","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13533","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"Omron PLC CJ and CS Series","version":"affected Omron PLC CJ series, all versions, Omron PLC CS series, all versions","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"13533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"omron","cpe5":"plc_cj_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13533","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"omron","cpe5":"plc_cs_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2019","cve_id":"13533","cve":"CVE-2019-13533","epss":"0.002760000","percentile":"0.512070000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:14"},"legacy_qids":[{"cve":"CVE-2019-13533","qid":"590463","title":"Omron PLC CJ and CS Series Multiple Vulnerabilities (ICSA-19-346-02)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-04T23:57:39.436Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.us-cert.gov/ics/advisories/icsa-19-346-02"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2019-13533","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-02T19:54:11.381460Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-02T19:54:24.176Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Omron PLC CJ and CS Series","vendor":"n/a","versions":[{"status":"affected","version":"Omron PLC CJ series, all versions, Omron PLC CS series, all versions"}]}],"descriptions":[{"lang":"en","value":"In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-294","description":"AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2019-12-16T19:25:00.000Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.us-cert.gov/ics/advisories/icsa-19-346-02"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2019-13533","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Omron PLC CJ and CS Series","version":{"version_data":[{"version_value":"Omron PLC CJ series, all versions, Omron PLC CS series, all versions"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"}]}]},"references":{"reference_data":[{"name":"https://www.us-cert.gov/ics/advisories/icsa-19-346-02","refsource":"MISC","url":"https://www.us-cert.gov/ics/advisories/icsa-19-346-02"}]}}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2019-13533","datePublished":"2019-12-16T19:25:00.000Z","dateReserved":"2019-07-11T00:00:00.000Z","dateUpdated":"2026-06-02T19:54:24.176Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2019-12-16 20:15:14","lastModifiedDate":"2026-06-02 21:16:23","problem_types":["CWE-294","CWE-294 AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.3},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.3}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:omron:plc_cj_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"7AF2C347-B4A7-4505-98A4-AFDCB1FCD386"},{"vulnerable":true,"criteria":"cpe:2.3:o:omron:plc_cs_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"DF9CD76C-F6E9-4E01-A039-4049B706DD92"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"13533","Ordinal":"1","Title":"CVE-2019-13533","CVE":"CVE-2019-13533","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"13533","Ordinal":"1","NoteData":"In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.","Type":"Description","Title":"CVE-2019-13533"},{"CveYear":"2019","CveId":"13533","Ordinal":"2","NoteData":"2019-12-16","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"13533","Ordinal":"3","NoteData":"2019-12-16","Type":"Other","Title":"Modified"}]}}}