What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-2979.

What is the severity of CVE-2022-2979?

The severity of CVE-2022-2979 is high, with a CVSS score of 7.8.

What is the affected software?

The affected software is Omron CX-Programmer, version up to and excluding 9.78.

How can I fix CVE-2022-2979?

Apply the necessary security patches or updates provided by the vendor to fix the vulnerability.

Vulnerability/
CVE-2022-2979

high

7.8

CWE

416

12/9/2022

17/9/2024

CVE-2022-2979: Omron CX-Programmer

First published: Mon Sep 12 2022(Updated: )

Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Omron CX-Programmer	<9.78
Omron CX-Programmer	<9.78	9.78

Remedy

Omron recommends updating to the latest version: Omron CX-Programmer: Update to v9.78 Should assistance be needed for the update process, users should contact Omron. Omron provides additional mitigations to reduce the risk: Use antivirus protection by protecting any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade antivirus software protection. Use strong passwords and change them frequently. Install physical controls, allowing only authorized personnel access to control systems and equipment. Perform virus scans to ensure safety of any USB drives or similar devices before connecting to systems and devices. Enforce multifactor authentication on all devices with remote access to control systems and equipment whenever possible. Perform validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices. Perform periodic data backup and maintenance to prepare for data loss.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

ICSA-22-242-09

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-2979.
What is the severity of CVE-2022-2979?
The severity of CVE-2022-2979 is high, with a CVSS score of 7.8.
What is the affected software?
The affected software is Omron CX-Programmer, version up to and excluding 9.78.
What is the risk associated with CVE-2022-2979?
Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
How can I fix CVE-2022-2979?
Apply the necessary security patches or updates provided by the vendor to fix the vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/title
agent/last-modified-date
agent/weakness
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/tags
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
vendor/omron
canonical/omron cx-programmer

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.