CVE-2022-2979

Omron CX-Programmer

Description

Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.

Remediation

Solution:

  • Omron recommends updating to the latest version: Omron CX-Programmer: Update to v9.78 Should assistance be needed for the update process, users should contact Omron. Omron provides additional mitigations to reduce the risk: Use antivirus protection by protecting any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade antivirus software protection. Use strong passwords and change them frequently. Install physical controls, allowing only authorized personnel access to control systems and equipment. Perform virus scans to ensure safety of any USB drives or similar devices before connecting to systems and devices. Enforce multifactor authentication on all devices with remote access to control systems and equipment whenever possible. Perform validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices. Perform periodic data backup and maintenance to prepare for data loss.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.10%
Third-Party Advisory cisa.gov
Affected: Omron CX-Programmer
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-09 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-2979?
CVE-2022-2979 has been scored as a high severity vulnerability.
How to fix CVE-2022-2979?
To fix CVE-2022-2979: Omron recommends updating to the latest version: Omron CX-Programmer: Update to v9.78 Should assistance be needed for the update process, users should contact Omron. Omron provides additional mitigations to reduce the risk: Use antivirus protection by protecting any PC with access to the control system against malware and ensure installation and maintenance of up-to-date commercial grade antivirus software protection. Use strong passwords and change them frequently. Install physical controls, allowing only authorized personnel access to control systems and equipment. Perform virus scans to ensure safety of any USB drives or similar devices before connecting to systems and devices. Enforce multifactor authentication on all devices with remote access to control systems and equipment whenever possible. Perform validation processing, such as backup and range checks, to cope with unintentional modification of input/output data to control systems and devices. Perform periodic data backup and maintenance to prepare for data loss.
Is CVE-2022-2979 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-2979 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-2979?
CVE-2022-2979 affects Omron CX-Programmer.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.