Improper Restriction of XML External Entity in Omron NB-series NX-Designer
CVE-2024-12298

5.5MEDIUM

Key Information:

Vendor: Omron Corporation
Status: Programable Terminals Nb-designer
Vendor: CVE Published:; 14 January 2025

Summary

A vulnerability exists in Omron's NB-series NX-Designer that allows attackers to exploit improper limitations on XML external entity references. By leveraging this weakness, malicious actors can potentially gain unauthorized access to sensitive data stored on affected systems. This vulnerability emphasizes the importance of proper input validation and configuration, as it may lead to significant information disclosure if not addressed.

Affected Version(s)

Programable Terminals NB-Designer Ver.1.63 or lower

References

https://www.fa.omron.co.jp/product/security/assets/pdf/en...

https://www.fa.omron.co.jp/product/security/assets/pdf/ja...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025
Vulnerability Reserved
Dec 6, 2024