{"id":60883,"date":"2025-01-28T19:50:26","date_gmt":"2025-01-28T16:50:26","guid":{"rendered":"http:\/\/JVNVU#96335720"},"modified":"2025-01-28T19:50:26","modified_gmt":"2025-01-28T16:50:26","slug":"omron-nj-nx-series-vulnerable-to-path-traversal","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/omron-nj-nx-series-vulnerable-to-path-traversal\/","title":{"rendered":"OMRON NJ\/NX series vulnerable to path traversal"},"content":{"rendered":"<div readability=\"32\">\n<h2>Overview<\/h2>\n<p>OMRON NJ\/NX series contain a path traversal vulnerability.<\/p>\n<\/div>\n<div readability=\"32.74684772066\">\n<h2>Products Affected<\/h2>\n<ul>\n<li>Machine Automation Controller NJ-series\n<ul>\n<li>NJ101-[][][][], NJ301-[][][][], NJ501-1[]0[]\n<ul>\n<li>Ver.1.64.05 and earlier\n<ul>\n<li>Lot No. 30924 (September 30, 2024) and earlier (*1)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>NJ501-1[]2[], NJ501-1340, NJ501-4[][][], NJ501-5300, NJ501-R[][][]\n<ul>\n<li>Ver.1.64.04 and earlier\n<ul>\n<li>Lot No. 30924 (September 30, 2024) and earlier (*1)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Refer to the &#8220;Appendix&#8221; section of the developer&#8217;s advisory for how to check the affected versions.<br \/>(*1) Refer to the &#8220;ID Information Indication&#8221; section of the manual &#8220;NJ-series CPU unit Hardware User\u2019s Manual (W500)&#8221; for how to check the Lot No.<\/p>\n<\/li>\n<li>Machine Automation Controller NX-series\n<ul>\n<li>NX1P2-[][][][][][], NX1P2-[][][][][][]1\n<ul>\n<li>Ver.1.64.04 and earlier\n<ul>\n<li>Lot No. 19Y24 (November 19, 2024) and earlier (*2)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<div readability=\"11.431746031746\">Refer to the &#8220;Appendix&#8221; section of the developer&#8217;s advisory for how to check the affected versions.<br \/>(*2) Refer to the &#8220;ID Information Indication&#8221; section of the manual &#8220;NX1P2 CPU Unit User\u2019s Manual (Hardware) (W578)&#8221; 
regarding how to check Lot No.\n<p>For details, refer to the <a href=\"https:\/\/www.fa.omron.co.jp\/product\/security\/assets\/pdf\/en\/OMSR-2025-001_en.pdf\" target=\"_blank\" rel=\"noopener\">information provided by the developer<\/a>.<\/p>\n<\/div><\/div>\n<div readability=\"29.436241610738\">\n<h2>Description<\/h2>\n<p>Machine Automation Controller NJ\/NX series provided by OMRON Corporation contain a path traversal vulnerability (<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/22.html\" target=\"_blank\" rel=\"noopener\">CWE-22<\/a>, <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-12083\" target=\"_blank\" rel=\"noopener\">CVE-2024-12083<\/a>).<\/p>\n<\/div>\n<div readability=\"33\">\n<h2>Impact<\/h2>\n<p>A remote attacker with administrative privileges may send a specially crafted request that, when processed, allows access to arbitrary files in the affected product or execution of arbitrary code.<\/p>\n<\/div>\n<div readability=\"30.599156118143\">\n<h2>Solution<\/h2>\n<p><strong>Update the software<\/strong><br \/>Update the software to the latest version according to the information provided by the developer.<\/p>\n<p>For how to obtain or apply the update, refer to <a href=\"https:\/\/www.fa.omron.co.jp\/product\/security\/assets\/pdf\/en\/OMSR-2025-001_en.pdf\" target=\"_blank\" rel=\"noopener\">the information provided by the developer<\/a>.<\/p>\n<\/div>\n<div readability=\"33\">\n<h2>Credit<\/h2>\n<p>OMRON Corporation reported this vulnerability to JPCERT\/CC to notify users of its solution through JVN.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Overview OMRON NJ\/NX series contain a path traversal vulnerability. Products Affected Machine Automation Controller NJ-series NJ101-[][][][], NJ301-[][][][], NJ501-1[]0[] Ver.1.64.05 and earlier Lot No. 
30924(September 30, 2024) and earlier(*1) NJ501-1[]2[], NJ501-1340, NJ501-4[][][], NJ501-5300, NJ501-R[][][] Ver.1.64.04 and earlier Lot No.30924(September 30, 2024) and earlier(*1) Refer to the developer&#8217;s advisory &#8220;Appendix&#8221; section regarding how to check the affected &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-60883","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=60883"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/60883\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=60883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=60883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=60883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}