ICSA-19-134-01  ·  Published 2019-11-05

Omron Network Configurator for DeviceNet (Update A)

CVSS 7.3 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to achieve arbitrary code execution under the privileges of the application.

CVEs (1)

Remediations

  • Omron has released Version 3.42 of Network Configurator for DeviceNet Safety to address the reported vulnerability. Users can download the latest version of Network Configurator for DeviceNet Safety.
  • Remove or restrict directories listed in the PATH environment variable.
  • Ensure system directories are writable only by administrators, which is Windows' initial configuration.
  • Operate Windows PCs with a standard user (non-administrator) account. Administrator accounts should be used only when necessary.
  • Ensure there are no untrusted files in the directory where the application is installed.
  • Confirm no untrusted files exist in the same directory before double-clicking a project file or copying the project file to a trusted directory or a newly created temporary directory.
  • Do not click web links or open unsolicited attachments in email messages.
  • Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
  • Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
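
One way to check the PATH and directory-permission items above on a Windows PC, as an added example that is not part of the CISA advisory or any Omron tooling. The function name `Get-WritablePathDir` is hypothetical, and the list of trusted principals is an assumption to adjust for your environment.

```powershell
# Added example: list PATH directories that grant write access to principals
# other than the trusted set below, or that do not exist at all.
# Assumption: only SYSTEM, Administrators and TrustedInstaller should hold write rights.
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Rights that allow adding files or taking over the directory, plus the raw
# GENERIC_WRITE / GENERIC_ALL bits that Get-Acl can report unmapped.
$rights    = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, ChangePermissions, TakeOwnership'
$writeMask = ([int]$rights) -bor 0x50000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-WritablePathDir {
    $dirs = $env:Path -split ';' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A PATH entry that does not exist is a candidate for removal.
            [pscustomobject]@{ Directory = $dir; Principal = '(directory missing)'; Rights = '' }
            continue
        }
        foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this directory.
            if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $ace.IdentityReference.Value  # unresolvable account
            }
            if ($trusted -notcontains $sid) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

Get-WritablePathDir | Format-Table -AutoSize -Wrap
```

Each row is a directory to remove from PATH or to restrict so that only administrators can write to it. The same ACL check can be pointed at the application's installation directory.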

Affected Vendors

Omron

Affected Products (1)

Omron · Network Configurator for DeviceNet Safety <= 3.41

Affected Sectors

Critical Manufacturing
