CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Description (NVD)
It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges.
If a malicious DLL is placed in the installation directory of this product, there is a possibility that the malicious DLL may be executed by exploiting the product’s behavior of loading missing DLLs from the same directory as the executable during service startup.
Analysis (AI)
DLL hijacking in OMRON PowerAttendant Standard Edition UPS management software allows local attackers with low privileges to escalate to SYSTEM by planting malicious libraries in the installation directory, which are loaded during service startup. The attack requires high complexity (vulnerable directory permissions must exist) but achieves scope change with full system compromise. …
Remediation (AI)
Within 24 hours: Identify all systems running OMRON PowerAttendant Standard Edition and assess which installations have overly permissive directory permissions. Within 7 days: Restrict write permissions on the PowerAttendant installation directory to SYSTEM and Administrators only; implement application whitelisting to prevent unsigned DLL execution. …
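One way to carry out the directory-permission assessment, as an added example that is not from the vendor or the advisory. The installation path is a placeholder because the page does not state it, and treating TrustedInstaller as a trusted principal alongside SYSTEM and Administrators is an assumption.

```powershell
# Added example: flag ACL entries that let non-administrative principals
# create, replace or re-permission files in a service's install directory.
param(
    # Placeholder: the page does not give the product's install path.
    [string]$InstallDir = 'C:\PLACEHOLDER\PowerAttendant-install-dir'
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    # NT SERVICE\TrustedInstaller (assumption: treated as trusted here)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow planting a DLL or loosening the ACL, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that appear
# in inherit-only entries.
$names = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$names -bor 0x50000000

$acl = Get-Acl -LiteralPath $InstallDir
$findings = @()

# A non-administrative owner can rewrite the DACL at will.
$ownerSid = $acl.GetOwner($sidType).Value
if ($trustedSids -notcontains $ownerSid) {
    $findings += [pscustomobject]@{
        Principal = $acl.Owner; Rights = 'Owner'; Inherited = $false }
}

foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $sid = $ace.IdentityReference.Translate($sidType).Value
    if ($trustedSids -contains $sid) { continue }
    if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
        $findings += [pscustomobject]@{
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$InstallDir is writable by principals other than SYSTEM/Administrators."
    exit 1
}
Write-Output "$InstallDir: no write access for untrusted principals."
```

Entries reported with `Inherited = True` come from a parent folder, so the fix belongs on the parent or requires disabling inheritance on the install directory.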
EUVD-2026-22837
GHSA-wx9r-9hf2-wq9p