Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer

Overview NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference XXE vulnerability CWE-611, CVE-2024-12298. Michael Heinzl reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact If a user opens a specially...

CVE-2024-12298 Vulnerability Report on Improper Restriction of XML External Entity Reference in NB-Designer

We found a vulnerability Improper Restriction of XML External Entity Reference CWE-611 in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer...

CVE-2024-12298

The CVE-2024-12298 issue is an XXE vulnerability (CWE-611) in Omron NB-series NX-Designer / NB-Designer. The root cause is improper restriction of XML external entity references, enabling disclosure of confidential data on the host when a specially crafted file is opened. Affected software includ...

Omron NB-Designer 代码问题漏洞

Omron NB-Designer is a programmable terminal software from Omron Corporation Japan. A code issue vulnerability exists in Omron NB-Designer V.1.63 and earlier versions, which stems from an improperly restricted XML external entity reference vulnerability that could be exploited by an attacker to...