CVE-2024-49501 (GCVE-0-2024-49501)
Vulnerability from cvelistv5 – Published: 2024-11-01 04:07 – Updated: 2024-11-01 15:06
VLAI?
Summary
Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.
Severity ?
5.7 (Medium)
CWE
- CWE-863 - Incorrect authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OMRON Corporation | SYSMAC-SE2[][][] |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-01T15:06:44.922885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T15:06:52.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SYSMAC-SE2[][][]",
"vendor": "OMRON Corporation",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect authorization",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T04:07:39.666Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf"
},
{
"url": "https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU95685374"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-49501",
"datePublished": "2024-11-01T04:07:39.666Z",
"dateReserved": "2024-10-15T11:32:15.313Z",
"dateUpdated": "2024-11-01T15:06:52.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.\"}, {\"lang\": \"es\", \"value\": \"Sysmac Studio, proporcionado por OMRON Corporation, contiene una vulnerabilidad de autorizaci\\u00f3n incorrecta. Si se aprovecha esta vulnerabilidad, un atacante podr\\u00eda acceder al programa que est\\u00e1 protegido por la funci\\u00f3n de protecci\\u00f3n de datos.\"}]",
"id": "CVE-2024-49501",
"lastModified": "2024-11-01T12:57:03.417",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"vultures@jpcert.or.jp\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.5, \"impactScore\": 2.7}]}",
"published": "2024-11-01T05:15:06.280",
"references": "[{\"url\": \"https://jvn.jp/en/vu/JVNVU95685374\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf\", \"source\": \"vultures@jpcert.or.jp\"}]",
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"vultures@jpcert.or.jp\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-49501\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-11-01T05:15:06.280\",\"lastModified\":\"2024-11-01T12:57:03.417\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.\"},{\"lang\":\"es\",\"value\":\"Sysmac Studio, proporcionado por OMRON Corporation, contiene una vulnerabilidad de autorizaci\u00f3n incorrecta. Si se aprovecha esta vulnerabilidad, un atacante podr\u00eda acceder al programa que est\u00e1 protegido por la funci\u00f3n de protecci\u00f3n de datos.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"vultures@jpcert.or.jp\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU95685374\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf\",\"source\":\"vultures@jpcert.or.jp\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-49501\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-01T15:06:44.922885Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-01T15:06:49.001Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"OMRON Corporation\", \"product\": \"SYSMAC-SE2[][][]\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions\"}]}], \"references\": [{\"url\": \"https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-006_en.pdf\"}, {\"url\": \"https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-006_ja.pdf\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU95685374\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"Incorrect authorization\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-11-01T04:07:39.666Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-49501\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-01T15:06:52.374Z\", \"dateReserved\": \"2024-10-15T11:32:15.313Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-11-01T04:07:39.666Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…