JVNDB-2024-011833

Incorrect authorization vulnerability in OMRON Sysmac Studio

Overview

Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability (CWE-863, CVE-2024-49501).

OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with OMRON Corporation for the JVN advisory publication.
CVSS Severity

CVSS V3 Severity:
Base Metrics 5.7 (Medium) [Other]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
Affected Products


OMRON Corporation
  • SYSMAC-SE2[][][] all versions

To check whether a version is affected, refer to the following manual and section provided by the developer.
* Sysmac Studio Version 1 Operation Manual (W504) "Displaying and Registering Licenses" section
Impact

If this vulnerability is exploited, an attacker may access a program that is protected by the Data Protection function.
Solution

[Update the firmware]
Update the firmware to SYSMAC-SE2[][][] Ver.1.60 or later according to the information provided by the developer.

For the details of how to apply the latest update, refer to the information provided by the developer.
Vendor Information

OMRON Corporation
CWE

  1. Incorrect Authorization (CWE-863) [Other]
CVE

  1. CVE-2024-49501
References

  1. JVN : JVNVU#95685374
Revision History

  • [2024/11/05]
      Web page was published