CVE-2022-45793

MEDIUM

Omron Sysmac Studio < 1.54 - Incorrect Default Permissions in Executable Directory

Title source: llm

Description

Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-262-04

Third Party Advisory

https://www.dragos.com/advisory/omron-plc-and-engineering-software-network-and-file-format-access/

Vendor Advisory

https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-009_en.pdf

Scores

CVSS v3 5.5

EPSS 0.0025

EPSS Percentile 15.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-276

Status published

Products (1)

omron/automation_software_sysmac_studio < 1.54

Published Jan 10, 2024

Tracked Since Feb 18, 2026