CVE-2019-13533: In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traf...
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
Security readout for executives and security teams
Plain-English summary
This flaw affects Omron CJ and CS series PLCs. A network attacker who can observe PLC-controller traffic may replay requests, potentially causing industrial valves to open or close. The business risk is process disruption or unsafe equipment behavior, especially where these PLCs control live operations.
Executive priority
Treat this as high priority for OT environments controlling valves or safety-relevant processes. The immediate focus should be exposure discovery, vendor guidance review, and reducing opportunities for traffic observation.
Technical view
CVE-2019-13533 is a CWE-294 authentication-bypass-by-capture-replay issue in all listed Omron PLC CJ and CS series versions. The CVSS 3.1 score is 8.1 with network attack vector, no privileges, no user interaction, high attack complexity, scope change, and high availability impact.
Likely exposure
Exposure is most relevant in industrial networks using Omron CJ or CS series PLCs where attackers can monitor controller-to-PLC traffic. Internet exposure is not stated in the provided sources.
Exploitation context
The source bundle does not show CISA KEV listing or cited evidence of active exploitation. The described attack requires monitoring traffic and replaying requests, so network position is central to risk.
Researcher notes
Evidence is limited to the CVE description, CVSS metadata, affected product statement, CWE-294 classification, and CISA advisory reference. No exploit status, proof-of-concept, patch version, or detailed mitigation is included in the provided bundle.
Mitigation direction
Inventory Omron CJ and CS series PLCs in operational environments.
Review the CISA advisory and Omron guidance before changing PLC configurations.
Limit untrusted access to PLC-controller communication paths.
Confirm process safety controls around valve open and close actions.
Do not assume a patch exists from this source bundle alone.
Validation and detection
Check asset inventory for Omron PLC CJ and CS series devices.
Map which controllers communicate with affected PLCs.
Review network paths where PLC traffic could be observed.
Verify whether valve-control processes depend on affected PLCs.
Document vendor advisory status and remediation decisions.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-294: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-294 · source CWE mapping
Authentication Bypass by Capture-replay
Authentication Bypass by Capture-replay represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.