Omron CX-Supervisor (Update A) (ICSA-19-017-01) – Product Used in the Energy Sector

February 7, 2019

The NCCIC has updated this advisory with additional information on the vulnerabilities and technical details of the affected products. Read the advisory at NCCIC/ICS-CERT.

January 17, 2019

The NCCIC has released an advisory on code injection, command injection, use after free, and type confusion vulnerabilities in Omron CX-Supervisor. Versions 3.42 and prior are affected. Successful exploitation of these vulnerabilities could result in a denial-of-service condition and/or allow an attacker to achieve code execution with privileges within the context of the application. Omron has released Version 3.5.0.11 of CX-Supervisor to address the reported vulnerabilities. To be protected, development projects must be upgraded and saved in the new format, then rebuilt in the latest 3.5.0.11 format. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. Read the full advisory at NCCIC/ICS-CERT.