Risk | Low |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-27121 |
CWE-ID | CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Machine Automation Controller NJ101, NJ301, NJ501-1, NJ501, NJ501-4, NJ501-5300, NJ501-R, NX1P2, NX102, NX502, NX701, NX-EIP201 (all: Hardware solutions / Firmware) |
Vendor | Omron |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU87209
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2024-27121
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote administrator can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Machine Automation Controller NJ101: 1.64.03
Machine Automation Controller NJ301: 1.64.00
Machine Automation Controller NJ501-1: 1.64.03
Machine Automation Controller NJ501: 1.64.00
Machine Automation Controller NJ501-4: 1.64.00
Machine Automation Controller NJ501-5300: 1.64.00
Machine Automation Controller NJ501-R: 1.64.00
Machine Automation Controller NX1P2: 1.64.00
Machine Automation Controller NX102: 1.64.00
Machine Automation Controller NX502: 1.65.01
Machine Automation Controller NX701: 1.35.00
Machine Automation Controller NX-EIP201: 1.00.01
External links
http://jvn.jp/en/vu/JVNVU95852116/index.html
http://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-001_en.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.