CVE-2024-27121
HIGHMachine Automation Controller NJ Series/NX Series - Path Traversal
Title source: llmDescription
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section.
References (3)
Core 3
Core References
Third Party Advisory
https://jvn.jp/en/vu/JVNVU95852116/index.html
Scores
CVSS v3
7.2
EPSS
0.0088
EPSS Percentile
54.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (14)
OMRON Corporation/Machine Automation Controller NJ Series
NJ101-[][][][] Ver.1.64.03 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ301-[][][][] Ver.1.64.00 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ501-1340 Ver.1.64.00 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ501-1[]0[] Ver.1.64.03 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ501-1[]2[] Ver.1.64.00 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ501-4[][][] Ver.1.64.00 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ501-5300 Ver.1.64.00 and earlier
OMRON Corporation/Machine Automation Controller NJ Series
NJ501-R[][][] Ver.1.64.00 and earlier
OMRON Corporation/Machine Automation Controller NX Series
NX-EIP201 Ver.1.00.01 and earlier
OMRON Corporation/Machine Automation Controller NX Series
NX102-[][][][] Ver.1.64.00 and earlier
... and 4 more
Published
Mar 12, 2024
Tracked Since
Feb 18, 2026