JVNDB-2026-011472

[Japanese]
JVNDB-2026-011472
OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries
Overview
The UPS (Uninterruptible Power Supply) management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element (CWE-427, CVE-2026-5397). OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
CVSS Severity (What is CVSS?)

Affected Products

OMRON SOCIAL SOLUTIONS Co.,Ltd. PowerAttendant Standard Edition (Windows Version) Ver.2.1.2 and earlier

Impact
Arbitrary code may be executed with the administrator privilege when the application is executed.
Solution
[Update the software] Update the software to the latest version according to the information provided by the developer.
Vendor Information
OMRON Corporation OMRON Corporation : Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application
CWE (What is CWE?)
Uncontrolled Search Path Element(CWE-427) [Other]
CVE (What is CVE?)
CVE-2026-5397
References
JVN : JVNVU#94583735 JVN : JVNTA#91240916
Revision History
[2026/04/17] Web page was published

OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries