CVE-2020-6986

7.5 HIGH

📋 TL;DR

CVE-2020-6986 is a denial-of-service vulnerability in Omron PLC CJ Series where an attacker can send specific data packets to cause a service error on the PLC Ethernet module, resulting in PLC service denial. This affects all versions of Omron PLC CJ Series with Ethernet modules, primarily impacting industrial control systems in manufacturing, energy, and critical infrastructure sectors.

💻 Affected Systems

Products:
  • Omron PLC CJ Series with Ethernet modules
Versions: All versions
Operating Systems: PLC firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Ethernet modules enabled and accessible via network.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete PLC service denial leading to production stoppage, equipment damage, or safety system failures in industrial environments.

🟠 Likely Case: Temporary PLC unavailability causing production interruptions until a manual reset or system restart.

🟢 If Mitigated: Limited impact, with proper network segmentation and monitoring allowing quick detection and response.

🌐 Internet-Facing: HIGH - Directly accessible PLCs can be easily targeted from the internet.
🏢 Internal Only: MEDIUM - Requires network access but could be exploited by malicious insiders or compromised internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specific data packets but no authentication needed. Likely weaponized in ICS-targeting toolkits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://www.us-cert.gov/ics/advisories/icsa-20-063-03

Restart Required: No

Instructions:

No official patch available. Follow workarounds and mitigation strategies from ICS-CERT advisory.

🔧 Temporary Workarounds

Network Segmentation: Isolate PLCs in separate network segments with firewall rules restricting access.

Access Control Lists: Implement strict ACLs allowing only authorized IP addresses to communicate with PLCs.

🧯 If You Can't Patch

  • Implement network monitoring for abnormal packet patterns targeting PLCs
  • Deploy intrusion detection systems with ICS-specific signatures

🔍 How to Verify

Check if Vulnerable:

Any Omron PLC CJ Series unit with an Ethernet module that is reachable over the network is affected, regardless of firmware version.

Check Version:

Check the PLC firmware version via the Omron CX-Programmer software or the PLC web interface.

Verify Fix Applied:

Verify network segmentation and access controls prevent unauthorized access to PLC network segments.

📡 Detection & Monitoring

Log Indicators:

  • PLC service error logs
  • Ethernet module restart events
  • Unusual packet rate to PLC ports

Network Indicators:

  • High volume of specific data packets to PLC Ethernet ports (TCP or UDP)
  • Connection attempts from unauthorized IPs

SIEM Query (pseudo-query; replace PLC_subnet with your PLC network range and threshold with a packet count derived from your normal traffic baseline):

source_ip=* AND dest_port=* AND (protocol=TCP OR protocol=UDP) AND packet_count>threshold AND dest_ip=PLC_subnet
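As an added example (not from the advisory or from Omron), the two network indicators above turned into a check over constructed flow records: it flags sources outside the ACL allowlist that talk to the PLC segment, and any source whose TCP/UDP packet count to a PLC exceeds a threshold within a time window. The PLC subnet, allowlist, threshold, window and port are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for this example (constructed, not from the advisory):
PLC_SUBNET = ip_network("10.10.20.0/24")   # PLC network segment
AUTHORIZED = {"10.10.10.5", "10.10.10.6"}  # allowlisted engineering/HMI hosts (the ACL)
PACKET_THRESHOLD = 500                     # packets per source->PLC pair per window
WINDOW_SECONDS = 60

# Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, proto, packets)
FLOWS = [
    (5,  "10.10.10.5", "10.10.20.7", 20000, "UDP", 120),   # normal polling from an HMI
    (30, "10.10.10.5", "10.10.20.7", 20000, "UDP", 110),
    (12, "10.10.30.9", "10.10.20.7", 20000, "TCP", 3),     # host not on the allowlist
    (40, "10.10.30.9", "10.10.20.7", 20000, "UDP", 900),   # packet burst toward the PLC
    (70, "10.10.10.6", "10.10.20.8", 20000, "TCP", 50),    # next window, allowlisted
    (80, "10.10.10.5", "192.0.2.10", 443,   "TCP", 2000),  # not a PLC destination, ignored
]


def detect(flows, plc_subnet=PLC_SUBNET, authorized=AUTHORIZED,
           threshold=PACKET_THRESHOLD, window=WINDOW_SECONDS):
    """Return sorted alerts of the form (window_start, src_ip, dst_ip, reason)."""
    counts = defaultdict(int)   # (window_start, src, dst) -> packets seen so far
    alerts = set()              # set so a repeated condition yields one alert per window
    for ts, src, dst, _port, proto, packets in flows:
        if proto not in ("TCP", "UDP") or ip_address(dst) not in plc_subnet:
            continue            # only TCP/UDP traffic into the PLC segment matters here
        key = (ts - ts % window, src, dst)
        if src not in authorized:
            alerts.add((*key, "unauthorized_source"))
        counts[key] += packets
        if counts[key] > threshold:
            alerts.add((*key, "high_packet_rate"))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```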
