CVE-2024-27121

2024-03-1207:55:48

jpcert

www.cve.org

cve-2024-27121

path traversal

machine automation controller

arbitrary code execution

remote attacker

administrative privilege

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section.

CNA Affected

[
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ101-[][][][] Ver.1.64.03 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ301-[][][][] Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ501-1[]0[] Ver.1.64.03 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ501-1[]2[] Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ501-1340 Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ501-4[][][] Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ501-5300 Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NJ Series ",
    "versions": [
      {
        "version": "NJ501-R[][][] Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NX Series",
    "versions": [
      {
        "version": "NX1P2-[][][][][][] Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NX Series",
    "versions": [
      {
        "version": "NX1P2-[][][][][][]1 Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NX Series",
    "versions": [
      {
        "version": "NX102-[][][][] Ver.1.64.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NX Series",
    "versions": [
      {
        "version": "NX502-[][][][] Ver.1.65.01 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NX Series",
    "versions": [
      {
        "version": "NX701-[][][][] Ver.1.35.00 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "OMRON Corporation",
    "product": "Machine Automation Controller NX Series",
    "versions": [
      {
        "version": "NX-EIP201 Ver.1.00.01 and earlier ",
        "status": "affected"
      }
    ]
  }
]