JVNVU#94583735: OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries

Overview

The UPS (Uninterruptible Power Supply) management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries.

Products Affected

PowerAttendant Standard Edition (Windows Version) Ver.2.1.2 and earlier

Description

The UPS (Uninterruptible Power Supply) management application provided by OMRON Corporation may insecurely load Dynamic Link Libraries due to an issue with uncontrolled search path element (CWE-427, CVE-2026-5397).

Impact

Arbitrary code may be executed with the administrator privilege when the application is executed.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Vendor Status

Vendor	Link
OMRON Corporation	Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

References

Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

JVNVU#94583735 OMRON UPS (Uninterruptible Power Supply) management application may insecurely load Dynamic Link Libraries