{"id":60882,"date":"2025-01-28T18:50:01","date_gmt":"2025-01-28T15:50:01","guid":{"rendered":"http:\/\/JVNVU#98734299"},"modified":"2025-01-28T18:50:01","modified_gmt":"2025-01-28T15:50:01","slug":"improper-restriction-of-xml-external-entity-reference-xxe-vulnerability-in-omron-nb-designer","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/improper-restriction-of-xml-external-entity-reference-xxe-vulnerability-in-omron-nb-designer\/","title":{"rendered":"Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer"},"content":{"rendered":"<div readability=\"33\">\n<h2>Overview<\/h2>\n<p>OMRON NB-Designer contains an improper restriction of XML external entity reference (XXE) vulnerability.<\/p>\n<\/p><\/div>\n<div readability=\"32.566265060241\">\n<h2>Description<\/h2>\n<p>NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference (XXE) vulnerability (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/611.html\" target=\"_blank\" rel=\"noopener\">CWE-611<\/a>, CVE-2024-12298).<\/p>\n<\/p><\/div>\n<div readability=\"34\">\n<h2>Impact<\/h2>\n<p>If a user opens a specially crafted project file created by an attacker, sensitive information in the system where NB-Designer is installed may be disclosed.<\/p>\n<\/p><\/div>\n<div readability=\"31.09634551495\">\n<h2>Solution<\/h2>\n<p><strong>Update the software<\/strong><br \/>Update the software to the version listed below which contains a fix for this vulnerability according to the information provided by the developer.\n<\/p>\n<ul>\n<li>NB-Designer Ver.1.64 or later<\/li>\n<\/ul>\n<p>&nbsp;Regarding how to obtain a fixed version, refer to <a href=\"https:\/\/www.fa.omron.co.jp\/product\/security\/assets\/pdf\/en\/OMSR-2025-002_en.pdf\" target=\"_blank\" rel=\"noopener\">the information provided by the developer<\/a>. <\/div>\n<div readability=\"32\">\n<h2>Credit<\/h2>\n<p>Michael Heinzl reported this vulnerability to JPCERT\/CC.<br \/>JPCERT\/CC coordinated with the developer.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview OMRON NB-Designer contains an improper restriction of XML external entity reference (XXE) vulnerability. Description NB-Designer provided by OMRON Corporation contains an improper restriction of XML external entity reference (XXE) vulnerability (CWE-611, CVE-2024-12298). Impact If a user opens a specially crafted project file created by an attacker, sensitive information in the system where NB-Designer is &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-60882","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60882"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60882\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}