You are here

Omron Network Configurator for DeviceNet (Update A) (ICSA-19-134-01)

Omron Network Configurator for DeviceNet (Update A) (ICSA-19-134-01)

Created: Thursday, November 7, 2019 - 10:54
Cyber Security

November 5, 2019

CISA has updated this advisory with additional details on mitigation measures. Read the advisory at CISA.

May 15, 2019

The NCCIC has published an advisory on an untrusted search path vulnerability in Omron Network Configurator for DeviceNet. Versions 3.41 and prior are affected. Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution under the privileges of the application. Omron is planning on releasing an update that mitigates the issues in the near future. In the meantime, it has recommended a series of workarounds for mitigation. The NCCIC has also provided a series of measures to address this vulnerability. Read the advisory at NCCIC/ICS-CERT.