CVE-2026-5397

Published: Apr 15, 2026

Modified: Apr 15, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.

Vendor	Product	Versions
OMRON SOCIAL SOLUTIONS CO., Ltd.	PowerAttendant Standard Edition	affected `2.1.2 or lower`

Weaknesses (CWE)

CWE-427

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf

https://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-5397

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References