Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer

Overview

OMRON NB-Designer contains an improper restriction of XML external entity reference (XXE) vulnerability.

Description

NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference (XXE) vulnerability (CWE-611, CVE-2024-12298).

Impact

If a user opens a specially crafted project file created by an attacker, sensitive information in the system where NB-Designer is installed may be disclosed.

Solution

Update the software
Following the information provided by the developer, update the software to the version listed below, which contains a fix for this vulnerability.

  • NB-Designer Ver.1.64 or later

For details on how to obtain the fixed version, refer to the information provided by the developer.

Credit

Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
