Vulnerability Related to an Uncontrolled Search Path Element in a...

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges.

If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.

Basic Information

ID CVE-2026-5397

Source OMRON

Published Apr 15, 2026 at 04:11

Affected Product

Vendor OMRON SOCIAL SOLUTIONS CO., Ltd.

Product PowerAttendant Standard Edition

Version 2.1.2 or lower

Affected Versions OMRON SOCIAL SOLUTIONS CO., Ltd. PowerAttendant Standard Edition 2.1.2 or lower

CWE Classification

CWE-427

References

{
    "lastseen": "",
    "description": "It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that\u00a0is then executed with administrator privileges.\n\nIf a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL\u00a0may be executed by exploiting the product\u2019s behavior of loading missing DLLs from the same directory as the executable during service startup.",
    "published": "2026-04-15T04:11:29.716Z",
    "modified": "2026-04-15T04:11:29.716Z",
    "type": "cve",
    "title": "Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application",
    "source": "OMRON",
    "references": "https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf\nhttps://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf",
    "id": "CVE-2026-5397",
    "bulletinFamily": "",
    "cwe": [
        "CWE-427"
    ],
    "cvelist": null,
    "sourceData": "OMRON SOCIAL SOLUTIONS CO., Ltd. PowerAttendant Standard Edition 2.1.2 or lower",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerAttendant Standard Edition",
    "version": "2.1.2 or lower",
    "vendor": "OMRON SOCIAL SOLUTIONS CO., Ltd.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application_CVE-2026-5397