Omron Engineering Software Zip-Slip
MonitorCVSS 5.5ICS-CERT ICSA-23-262-03Sep 19, 2023
Omron
Attack path
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary
A zip-slip path traversal vulnerability in Omron Sysmac Studio (version 1.54 and earlier) and NX-IO Configurator (version 1.22 and earlier) allows local attackers to overwrite arbitrary files on the system when a user extracts a malicious zip archive. The vulnerability results from insufficient validation of zip entry paths before extraction. Successful exploitation could corrupt application files, system files, or control system configurations, leading to loss of data or system instability. No vendor patches are available for either product.
What this means
What could happen
An attacker with local access to an engineering workstation could overwrite critical files on the system, potentially corrupting control system configurations or data used by Omron PLCs and I/O devices.
Who's at risk
Engineering teams at water utilities, electric utilities, and other critical infrastructure operators using Omron automation platforms should care. Sysmac Studio is the primary configuration and programming tool for Omron PLCs and safety controllers. NX-IO Configurator manages networked I/O modules. Both are used to design, test, and maintain control logic for pumping systems, electrical distribution, process control, and safety interlocks.
How it could be exploited
An attacker must trick a user into extracting a malicious zip file on a system running Sysmac Studio or NX-IO Configurator. The zip contains crafted entries with path traversal sequences (../) that bypass directory restrictions, allowing the attacker to write files outside the intended extraction folder and overwrite system or application files.
Prerequisites
- Local access to the workstation running Omron Sysmac Studio or NX-IO Configurator
- User interaction required: victim must extract a malicious zip archive
- Application must attempt to extract the zip file without proper path validation
No authentication required (local user interaction only)Low attack complexityNo patch available (end-of-life products)Affects engineering workstations that control critical operationsFile overwrite could corrupt control system configurations
Exploitability
Some exploitation risk — EPSS score 1.2%
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
Sysmac Studio: <= 1.54≤ 1.54No fix (EOL)
NX-IO Configurator: <= 1.22≤ 1.22No fix (EOL)
Remediation & Mitigation
0/6
Do now
0/2HARDENINGImplement antivirus and antimalware protection on all workstations running Sysmac Studio or NX-IO Configurator, configured to detect zip-slip and other file-based attacks.
HARDENINGRestrict and monitor USB device connections to engineering workstations; scan all removable media for malware before connecting to systems.
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGTrain users not to extract zip files from untrusted sources and to verify the source of archive files before opening them.
Mitigations - no patch available
0/3The following products have reached End of Life with no planned fix: Sysmac Studio: <= 1.54, NX-IO Configurator: <= 1.22. Apply the following compensating controls:
HARDENINGIsolate engineering workstations from the business network and internet using a firewall; restrict outbound connections to only necessary systems.
HARDENINGImplement regular full-disk backups of engineering workstations and test restore procedures to enable rapid recovery if files are corrupted.
HARDENINGEnforce multi-factor authentication on all remote access to engineering workstations to reduce risk of account compromise and malicious file delivery.
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/9be86ff0-cb88-4c3b-b85e-4ffa17dafd58Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.