Omron Engineering Software

Monitor5.5ICS-CERT ICSA-23-262-04Sep 19, 2023

Summary

A vulnerability in Omron Sysmac Studio (version 1.54 and earlier) allows arbitrary code execution with local access to an engineering workstation. This affects the integrity of control system projects before deployment to field devices. No public exploitation has been reported. The vulnerability is not remotely exploitable. No fix is currently available from Omron.

What this means

What could happen

An attacker with local access to an engineering workstation running Sysmac Studio could execute arbitrary code, potentially allowing them to modify control logic or project files before deployment to PLCs and other controllers.

Who's at risk

Manufacturing organizations using Omron Sysmac Studio engineering software for designing and configuring PLCs, motion controllers, and safety systems should be concerned. This affects anyone with Sysmac Studio version 1.54 or earlier installed on engineering workstations.

How it could be exploited

An attacker must have local access to a PC running Sysmac Studio. They could exploit the vulnerability through a malicious file or direct code execution on the engineering workstation itself, compromising the integrity of control system projects before they are downloaded to field devices.

Prerequisites

Local access to the engineering workstation running Sysmac Studio
Sysmac Studio version 1.54 or earlier installed

no patch availableaffects engineering/control design toolslocal exploitation only

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

Sysmac Studio: <= 1.54≤ 1.54No fix (EOL)

Remediation & Mitigation

0/8

Do now

0/5

HARDENINGRestrict physical and logical access to engineering workstations running Sysmac Studio to authorized personnel only

HARDENINGImplement and maintain up-to-date commercial-grade anti-virus software on all engineering workstations

HARDENINGIsolate engineering workstations and Sysmac Studio systems from open networks and the internet

WORKAROUNDScan all USB drives and removable media for malware before connecting to Sysmac Studio systems

HARDENINGEnforce strong passwords on engineering workstations and change them frequently

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGEnforce multifactor authentication for any remote access to engineering workstations

HARDENINGPerform regular backups of control system projects and verify backup integrity

Mitigations - no patch available

0/1

Sysmac Studio: <= 1.54 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement process validation and range checks on project inputs and outputs

CVEs (1)

CVE-2022-45793

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/13c456a4-5b4e-403b-a7dd-4b2d1d5c5750