Published:2024/11/01  Last Updated:2024/11/01

JVNVU#95685374
Incorrect authorization vulnerability in OMRON Sysmac Studio

Overview

Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability.

Products Affected

  • SYSMAC-SE2[][][] all versions
To check the affected versions, refer to the following section of the manual provided by the developer.
  • Sysmac Studio Version 1 Operation Manual (W504) "Displaying and Registering Licenses" section

Description

Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability (CWE-863, CVE-2024-49501).

Impact

If this vulnerability is exploited, an attacker may access a program that is protected by the Data Protection function.

Solution

Update the firmware
Update the firmware to SYSMAC-SE2[][][] Ver.1.60 or later according to the information provided by the developer.
For the details of how to apply the latest update, refer to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Base Score: 5.7
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality Impact (C): Low (L)
Integrity Impact (I): Low (L)
Availability Impact (A): None (N)

Credit

OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with OMRON Corporation for the JVN advisory publication.

Other Information

CVE: CVE-2024-49501