Executable files writable by low-privileged users in Omron Sysmac Studio

Vulnerability

Omron Sysmac Studio version 1.54 and prior installs executables in a directory with weak permissions [1]. Specifically, low-privileged users are granted write access to these files, which violates the principle of least privilege (CWE-285 Improper Authorization) [1]. This misconfiguration allows a locally-authenticated attacker to overwrite executables that may be executed by a different user.

Exploitation

An attacker must have local access to the affected system and be able to authenticate as a low-privileged user [1]. No user interaction beyond initial authentication is required; the attacker can directly modify the installed files in the writable directory [1]. The attack complexity is low, and no special privileges beyond the initial low-privileged account are needed [1]. The attacker simply overwrites a target executable with a malicious payload. When a higher-privileged user or system process later runs that executable, the attacker's code executes in that user's context.

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of a different user [1]. This can lead to a complete compromise of integrity (file replacement) and potentially privilege escalation on the local machine [1]. Confidentiality and availability are not directly impacted according to the CVSS vector (C:N/I:H/A:N) [1].

Mitigation

Omron recommends general security measures including anti-virus protection, restricting network access, using firewalls and VPNs, enforcing strong passwords, and implementing physical access controls [1]. No specific patch or fixed version is mentioned in the available reference; users should apply the vendor's general guidance and restrict local access to trusted personnel [1].