All the vulnerabilites related to OMRON Corporation - SYSMAC-SE2[][][]
jvndb-2024-011833
Vulnerability from jvndb
Published
2024-11-05 15:29
Modified
2024-11-05 15:29
Severity ?
Summary
Incorrect authorization vulnerability in OMRON Sysmac Studio
Details
Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability (CWE-863, CVE-2024-49501). OMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with OMRON Corporation for the JVN advisory publication.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-011833.html",
  "dc:date": "2024-11-05T15:29+09:00",
  "dcterms:issued": "2024-11-05T15:29+09:00",
  "dcterms:modified": "2024-11-05T15:29+09:00",
  "description": "Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability (CWE-863, CVE-2024-49501).\r\n\r\nOMRON Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC coordinated with OMRON Corporation for the JVN advisory publication.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-011833.html",
  "sec:cpe": {
    "#text": "cpe:/a:omron:sysmac-se2",
    "@product": "SYSMAC-SE2[][][]",
    "@vendor": "OMRON Corporation",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.7",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-011833",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU95685374/index.html",
      "@id": "JVNVU#95685374",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-49501",
      "@id": "CVE-2024-49501",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/863.html",
      "@id": "CWE-863",
      "@title": "Incorrect Authorization(CWE-863)"
    }
  ],
  "title": "Incorrect authorization vulnerability in OMRON Sysmac Studio"
}

cve-2024-49501
Vulnerability from cvelistv5
Published
2024-11-01 04:07
Modified
2024-11-01 15:06
Summary
Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49501",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T15:06:44.922885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T15:06:52.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SYSMAC-SE2[][][]",
          "vendor": "OMRON Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "Incorrect authorization",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-01T04:07:39.666Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf"
        },
        {
          "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU95685374"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-49501",
    "datePublished": "2024-11-01T04:07:39.666Z",
    "dateReserved": "2024-10-15T11:32:15.313Z",
    "dateUpdated": "2024-11-01T15:06:52.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}