OMVA Vulnerability Early Warning

After the computer restarts, OMVA allows using an already connected unauthorized USB device

Vulnerability

OPSWAT Media Validation Agent (OMVA) had a vulnerability that allowed the use of an unauthorized USB device after a computer restart.

An actor (attacker or victim) who has access to a computer protected by OMVA and can insert USB media will, after a system restart, be able to use the unauthorized USB key and its content.

Attack vectors

Attack vector #1:

The attacker must get physical access to the computer, insert the unauthorized device (like a USB key), and reboot the system. After the reboot, the attacker can use the attached device, because OMVA does not block it.

Attack vector #2:

The attacker convinces the victim via social engineering to insert the media, restart the computer, and start using the media device (e.g., opening a file).

Affected Versions

OMVA up to version 2.0.10.247

Solution

Update to the newest version of OMVA.

In all versions starting with OMVA 2.0.10.247, access to Removable and Peripheral Media will also be restricted during bootup.

For more details about OPSWAT Media Validation Tool (OMVA), please refer to the OPSWAT OMVA Documentation.

CVE-2024-37604 was reserved for the aforementioned vulnerability; an update will be provided once the CVE is available.

Credits

Reported-by: Cybersecurity Group – Emerson
