Omron has an update available to mitigate a use of obsolete function vulnerability in its CX-Supervisor, according to a report with CISA.
Successful exploitation of this remotely exploitable vulnerability, discovered by Michael DePlante of Trend Micro’s Zero Day Initiative, could result in information disclosure, total compromise of the system, and system unavailability.
The following versions of both ‘Full Development’ and ‘Runtime Only’ packages of Omron’s SCADA and HMI package ‘CX-Supervisor’ are affected: CX-Supervisor Versions 3.5 (12) and prior. The vulnerability stems from the fact that Omron CX-Supervisor ships with TeamViewer Version 5.0.8703 QS. This version of TeamViewer is vulnerable to three known bugs.
CVE-2019-11769, CVE-2018-16550, CVE-2018-14333, and CVE-2010-3128 are the case numbers assigned to this vulnerability, which has a CVSS v3 base score of 8.8.
The product sees use mainly in the energy sector and is deployed on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.
Japan-based Omron recommends users update to CX-Supervisor 3.51 (9).