JVNDB-2025-014105

OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path

Overview

The Uninterruptible Power Supply (UPS) management applications provided by OMRON SOCIAL SOLUTIONS Co., Ltd. register a Windows service with an unquoted file path (CWE-428, CVE-2025-9818).

OMRON SOCIAL SOLUTIONS Co., Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Affected Products


OMRON SOCIAL SOLUTIONS Co., Ltd.
  • PowerAct Pro (Windows version) <Slave Agent> Ver. 5.20 or lower (Currently available)
  • PowerAct Pro (Windows version) <Master Agent> Ver. 5.17 or lower (End of support)
  • PowerAttendant Basic Edition (Windows version) Ver. 1.1.0 or lower (Currently available)
  • PowerAttendant Standard Edition (Windows version) Ver. 2.0.0 or lower (Currently available)
  • Simple Shutdown Software (Windows version) Ver. 2.51 or lower (End of support)

For more information, refer to the information provided by the developer.

Impact

A malicious file may be executed with the service account privileges if the installation folder path contains spaces.
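
To check a host for the condition described above, the following PowerShell audit lists services whose registered executable path is unquoted and contains spaces. It is an added example, not part of the advisory or the vendor's tooling; the function name Test-UnquotedServicePath and the sample paths are constructed for illustration.

```powershell
# Added example: audit Windows services for unquoted executable paths
# that contain spaces (CWE-428). Not taken from the advisory.

function Test-UnquotedServicePath {
    # Hypothetical helper: returns $true when the executable part of a
    # service command line is unquoted and contains at least one space.
    param([string]$PathName)

    $p = "$PathName".Trim()
    if ($p -eq '' -or $p.StartsWith('"')) { return $false }  # empty or already quoted

    # The executable part is everything up to the first ".exe" that is
    # followed by whitespace or the end of the string; the rest is arguments.
    if ($p -match '^(.+?\.exe)(\s|$)') {
        return $Matches[1].Contains(' ')
    }
    return $false  # no recognisable executable; review by hand if needed
}

# Constructed sample values showing how the helper classifies a path
$samples = @(
    'C:\Program Files\Example Vendor\agent.exe -service',    # flagged
    '"C:\Program Files\Example Vendor\agent.exe" -service',  # quoted, not flagged
    'C:\Windows\system32\svchost.exe -k netsvcs'             # no space in path, not flagged
)
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-UnquotedServicePath $_), $_ }

# Live audit of the local machine: name, service account and registered path
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and (Test-UnquotedServicePath $_.PathName) } |
    Select-Object Name, StartName, StartMode, PathName |
    Format-Table -AutoSize -Wrap
```

Run it again after applying the update or patch; a service whose registered path has been quoted no longer appears in the output.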

Solution

[Update the software]
Apply the appropriate update that contains a fix for this vulnerability.

* PowerAttendant Standard Edition (Windows version)
Ver. 2.1.0 September 17, 2025
* PowerAttendant Basic Edition (Windows version)
Ver. 1.1.1 September 17, 2025
* PowerAct Pro (Windows Version) Slave Agent
Ver. 5.21 September 17, 2025

[Apply the patch]
Apply the patch if the update cannot be applied.

* PowerAttendant Standard Edition (Windows Version)
Ver. 2.0.0 or lower September 17, 2025
* PowerAttendant Basic Edition (Windows Version)
Ver. 1.1.0 or lower September 17, 2025

[Switch to alternative products]
Users of the unsupported products should consider switching to the alternative products.
For details of the alternative product names and versions, refer to the information provided by the developer.

Vendor Information

OMRON SOCIAL SOLUTIONS Co., Ltd.

CWE

  1. Unquoted Search Path or Element (CWE-428) [Other]

CVE

  1. CVE-2025-9818

References

  1. JVN: JVNVU#93403671

Revision History

  • [2025/09/19]
      Web page was published