Perform virus scans to ensure safety of any USB drives or similar devices before connecting to systems and devices.Install physical controls, allowing only authorized personnel access to control systems and equipment.Use strong passwords and change them frequently.Use antivirus protection by protecting any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade antivirus software protection.Omron provides additional mitigations to reduce the risk: Should assistance be needed for the update process, users should contact Omron. Omron recommends updating to the latest version:
Xina1i, working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA. CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing.A CVSS v3 base score of 7.8 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.ĬVE-2022-2979 has been assigned to this vulnerability. Omron CX-Programmer: All versions prior to v9.78.The following Omron product, part of a software automation suite, is affected: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
