CVE-2026-5397 - Vulnerability Details

- Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

Description

It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges.

If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.

Published: 2026-04-15

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw is an uncontrolled search path element (CWE-427) that arises because the UPS management application uses an installation directory with insufficient permissions. A malicious actor can place a DLL in that directory, and when the service starts, the application automatically loads missing DLLs from the same directory. This behavior causes the injected DLL to execute with the service’s administrator privileges, allowing the attacker to run arbitrary code on the system.

Affected Systems

The vulnerability affects Omron Social Solutions Co., Ltd.’s PowerAttendant Standard Edition UPS management application. No specific affected versions are listed, so any release that has not yet disclosed a patch should be considered potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity level. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the exploitation requires write access to the application’s installation directory, the attack vector is likely local, but once a malicious DLL is placed, the code runs with elevated privileges. The lack of a public workaround increases the risk until an official fix is released.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OMRON SOCIAL SOLUTIONS CO., Ltd.

PowerAttendant Standard Edition

unaffected

Version	Status	Constraints
`2.1.2 or lower`	affected	—

No data.

Vendor Product Confidence Versions

Omron

Powerattendant Standard Edition

100%

Version	Status	Scheme	Platform
`[0,2.1.2]`	affected	semver	['windows']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Restrict permissions on the PowerAttendant installation directory so that only administrators can write files to it
Verify that no unexpected DLLs are present in the installation directory and remove any that are not part of the approved package
Check Omron’s website or contact support for a patch or updated version and apply it as soon as it becomes available

Generated by OpenCVE AI on April 15, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf
https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf

History

Wed, 15 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 15 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Omron Omron powerattendant Standard Edition
Vendors & Products		Omron Omron powerattendant Standard Edition

Wed, 15 Apr 2026 05:00:00 +0000

Type	Values Removed	Values Added
Description		It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.
Title		Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application
Weaknesses		CWE-427
References		https://www.omron.com/global/en/inquiry/data/OMSR-2026-001_en.pdf https://www.omron.com/jp/ja/inquiry/data/OMSR-2026-001_ja.pdf
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Omron Powerattendant Standard Edition

MITRE

Status: PUBLISHED

Assigner: OMRON

Published: 2026-04-15T04:11:29.716Z

Updated: 2026-04-15T16:13:26.313Z

Reserved: 2026-04-02T00:17:38.524Z

Link: CVE-2026-5397

Vulnrichment

Updated: 2026-04-15T13:46:44.852Z

NVD

Status : Awaiting Analysis

Published: 2026-04-15T05:16:45.740

Modified: 2026-04-17T15:17:00.957

Link: CVE-2026-5397

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T14:53:31Z

Weaknesses

CWE-427

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object