CVE-2024-27121

Summary

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section.

Affected Software

VendorProductVersion RangeStatus
OMRON CorporationMachine Automation Controller NJ SeriesNJ101-[][][][] Ver.1.64.03 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ301-[][][][] Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ501-1[]0[] Ver.1.64.03 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ501-1[]2[] Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ501-1340 Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ501-4[][][] Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ501-5300 Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NJ SeriesNJ501-R[][][] Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NX SeriesNX1P2-[][][][][][] Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NX SeriesNX1P2-[][][][][][]1 Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NX SeriesNX102-[][][][] Ver.1.64.00 and earlieraffected
OMRON CorporationMachine Automation Controller NX SeriesNX502-[][][][] Ver.1.65.01 and earlieraffected
OMRON CorporationMachine Automation Controller NX SeriesNX701-[][][][] Ver.1.35.00 and earlieraffected
OMRON CorporationMachine Automation Controller NX SeriesNX-EIP201 Ver.1.00.01 and earlieraffected

Weaknesses

  • Path traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References