CVE-2022-45793

EUVD-2022-48649
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
DragosCNA
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
omronautomation_software_sysmac_studio
𝑥
≤ 1.54
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04
https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/
https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf