[Japanese]

JVNDB-2026-000022

Oki Electric Industry products and OEM products register Windows services with unquoted file paths

Overview

Configuration Tool provided by Oki Electric Industry Co., Ltd., Ricoh Co., Ltd., and Murata Machinery, Ltd. contain the following vulnerability.
  • Unquoted search path or element (CWE-428) - CVE-2026-24466
Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.7 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

Multiple products are affected by this vulnerability. For details, see the "Vendor Information" section.

(Multiple Venders)
  • (Multiple Products)

Impact

A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Solution

For the solution, refer to the information provided by the vendor.
Vendor Information

Ricoh Co., Ltd Oki Electric Industry Co., Ltd. Murata Machinery, Ltd.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-24466
References

  1. JVN : JVN#55395471
Revision History

  • [2026/02/09]
      Web page was published

Date Public2026/02/09
Date First Published2026/02/09
Date Last Updated2026/02/09