ICSA-23-262-03  ·  Published 2023-09-19  ·  Source: CISA ICS-CERT

Omron Engineering Software Zip-Slip

CVSS 5.5 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system.

CVEs (1)

Remediations

OMRON recommends the following general mitigation measures to minimize the risk of vulnerability exploitation:

  • Anti-virus protection: Protect any PC with access to the control system against malware, and ensure that up-to-date commercial-grade anti-virus software is installed and maintained.
  • Security measures to prevent unauthorized access:
      • Minimize connection of control systems and equipment to open networks so untrusted devices will be unable to access them.
      • Implement firewalls (by shutting down unused communications ports, limiting communications hosts, etc.) and isolate control systems and equipment from the IT network.
      • Use a virtual private network (VPN) for remote access to control systems and equipment.
      • Use strong passwords and change them frequently.
      • Install physical controls so only authorized personnel can access control systems and equipment.
      • Scan USB drives and similar devices for viruses before connecting them to systems and devices.
      • Enforce multifactor authentication whenever possible on all devices with remote access to control systems and equipment.
  • Data input and output protection: Perform process validation, such as backup validation or range checks, to cope with unintentional modification of input/output data to control systems and devices.
  • Data recovery: Perform periodic data backup and maintenance to prevent data loss.

Please see Omron's Advisory for more information.

Affected Vendors

Omron

Affected Products (2)

Omron · Sysmac Studio <= 1.54
Omron · NX-IO Configurator <= 1.22

Affected Sectors

Critical Manufacturing
