All the vulnerabilites related to Yokogawa - CENTUM CS 3000 Entry
var-202203-0854
Vulnerability from variot
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0854",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22145"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22145"
}
]
},
"cve": "CVE-2022-22145",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-414058",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22145",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1154",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414058",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414058"
},
{
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"db": "VULHUB",
"id": "VHN-414058"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22145",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1154",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414058",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414058"
},
{
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"id": "VAR-202203-0854",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414058"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:27.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186336"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414058"
},
{
"db": "NVD",
"id": "CVE-2022-22145"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22145/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414058"
},
{
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414058"
},
{
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414058"
},
{
"date": "2022-03-11T09:15:11.517000",
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414058"
},
{
"date": "2022-03-18T15:16:05.097000",
"db": "NVD",
"id": "CVE-2022-22145"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1154"
}
],
"trust": 0.6
}
}
var-202203-0848
Vulnerability from variot
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23401"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23401"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines from Dragos reported these vulnerabilities to Yokogawa.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
],
"trust": 0.6
},
"cve": "CVE-2022-23401",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "VHN-414062",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-23401",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1153",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414062",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414062"
},
{
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"db": "VULHUB",
"id": "VHN-414062"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-23401",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-083-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1153",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414062",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414062"
},
{
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"id": "VAR-202203-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414062"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:26.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186335"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414062"
},
{
"db": "NVD",
"id": "CVE-2022-23401"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-23401/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414062"
},
{
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414062"
},
{
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414062"
},
{
"date": "2022-03-11T09:15:11.873000",
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414062"
},
{
"date": "2022-03-18T14:57:12.080000",
"db": "NVD",
"id": "CVE-2022-23401"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Code problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1153"
}
],
"trust": 0.6
}
}
var-202203-0849
Vulnerability from variot
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0849",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22729"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22729"
}
]
},
"cve": "CVE-2022-22729",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-414061",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22729",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1152",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414061",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414061"
},
{
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"db": "VULHUB",
"id": "VHN-414061"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22729",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1152",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414061",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414061"
},
{
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"id": "VAR-202203-0849",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414061"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:27.013000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186334"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414061"
},
{
"db": "NVD",
"id": "CVE-2022-22729"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22729/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414061"
},
{
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414061"
},
{
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414061"
},
{
"date": "2022-03-11T09:15:11.683000",
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414061"
},
{
"date": "2022-03-18T14:45:04.163000",
"db": "NVD",
"id": "CVE-2022-22729"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Authorization problem vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1152"
}
],
"trust": 0.6
}
}
var-202002-0866
Vulnerability from variot
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0866",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.10"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "field wireless device opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.02"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.85.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.03.04"
},
{
"model": "stardom opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.96.10"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.02"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "plant resource manager",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.12.00"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.30"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "versatile data server software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.30.01"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01"
},
{
"model": "scada software \\",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r10.01"
},
{
"model": "exaopc \u003c=r3.72.00",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r7.03.04 )"
},
{
"model": "b/m9000cs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.05.01 )"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.08.70 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.09.50 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r3.09.50 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic (r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r5.04.20 )"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.72.00 )"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.96.10 )"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.40.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.85.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "/batch (r2.50.30 )"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "fast/tools",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r10.01 )"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r1.01 and r1.02)"
},
{
"model": "prm",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.12.00 )"
},
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.02.10 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "opc server for windows (r3.40 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vds (r7.30.01 )"
},
{
"model": "for field wireless opc server",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.01.02 )"
},
{
"model": "centum centum vp entry",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "stardom vds r7.30.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom opc server for windows r3.40",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r3.02.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r2.03.80",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r1.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.12.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.11.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05-sp2",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.03",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r10.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exasmoc r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exarqe r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.85.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.80.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.02.50",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaplog r3.40.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.71.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.56",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs entry r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.07",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.06",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.05",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.04",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.03",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.02",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.01",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000cs r5.05.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum vp",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5627"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5627",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05996",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "81266b0e-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83588",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5627",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5627",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05996",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-478",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83588",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5627",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. \nSuccessful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5627",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-253-01",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2015-05996",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92677348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852",
"trust": 0.8
},
{
"db": "BID",
"id": "76709",
"trust": 0.4
},
{
"db": "IVD",
"id": "81266B0E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83588",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5627",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"id": "VAR-202002-0866",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
}
],
"trust": 1.3960373416666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
}
]
},
"last_update_date": "2023-12-18T12:35:45.324000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch for Yokogawa Multiple Product Stack Buffer Overflow Vulnerability (CNVD-2015-05996)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63994"
},
{
"title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108066"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-253-01"
},
{
"trust": 2.1,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-15-0003e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5626"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5627"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92677348/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5627"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-83588"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-05T19:15:10.350000",
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"date": "2015-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83588"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-12T20:21:12.310000",
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM Including multiple YOKOGAWA Multiple vulnerabilities in product communication functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
],
"trust": 0.6
}
}
var-202203-0846
Vulnerability from variot
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0846",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21808"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines from Dragos reported these vulnerabilities to Yokogawa.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
],
"trust": 0.6
},
"cve": "CVE-2022-21808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-414056",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-21808",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1157",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414056",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414056"
},
{
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"db": "VULHUB",
"id": "VHN-414056"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21808",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-083-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1157",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414056",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414056"
},
{
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"id": "VAR-202203-0846",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414056"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:27.072000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186338"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414056"
},
{
"db": "NVD",
"id": "CVE-2022-21808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21808/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414056"
},
{
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414056"
},
{
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414056"
},
{
"date": "2022-03-11T09:15:11.407000",
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414056"
},
{
"date": "2022-03-18T14:44:51.380000",
"db": "NVD",
"id": "CVE-2022-21808"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Path traversal vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1157"
}
],
"trust": 0.6
}
}
var-202203-0855
Vulnerability from variot
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22148"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22148"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines from Dragos reported these vulnerabilities to Yokogawa.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
],
"trust": 0.6
},
"cve": "CVE-2022-22148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-414059",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22148",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1160",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414059",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414059"
},
{
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u0027Root Service\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"db": "VULHUB",
"id": "VHN-414059"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22148",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-083-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1160",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414059",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414059"
},
{
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"id": "VAR-202203-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414059"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:26.993000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186760"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414059"
},
{
"db": "NVD",
"id": "CVE-2022-22148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22148/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414059"
},
{
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414059"
},
{
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414059"
},
{
"date": "2022-03-11T09:15:11.573000",
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414059"
},
{
"date": "2022-03-18T15:17:31.677000",
"db": "NVD",
"id": "CVE-2022-22148"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Operating system command injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1160"
}
],
"trust": 0.6
}
}
var-202203-0852
Vulnerability from variot
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22151"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines from Dragos reported these vulnerabilities to Yokogawa.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
],
"trust": 0.6
},
"cve": "CVE-2022-22151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-414060",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22151",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1150",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414060",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414060"
},
{
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"db": "VULHUB",
"id": "VHN-414060"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22151",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-083-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1150",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414060",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414060"
},
{
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"id": "VAR-202203-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414060"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:27.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186332"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-116",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414060"
},
{
"db": "NVD",
"id": "CVE-2022-22151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22151/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414060"
},
{
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414060"
},
{
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414060"
},
{
"date": "2022-03-11T09:15:11.627000",
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414060"
},
{
"date": "2022-03-18T15:16:33.997000",
"db": "NVD",
"id": "CVE-2022-22151"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1150"
}
],
"trust": 0.6
}
}
var-202002-0867
Vulnerability from variot
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS 3000, etc. are all products of Japan Yokogawa (Yokogawa). Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0867",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.10"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "field wireless device opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.02"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.85.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.03.04"
},
{
"model": "stardom opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.96.10"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.02"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "plant resource manager",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.12.00"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.30"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "versatile data server software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.30.01"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01"
},
{
"model": "scada software \\",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r10.01"
},
{
"model": "exaopc \u003c=r3.72.00",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r7.03.04 )"
},
{
"model": "b/m9000cs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.05.01 )"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.08.70 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.09.50 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r3.09.50 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic (r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r5.04.20 )"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.72.00 )"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.96.10 )"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.40.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.85.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "/batch (r2.50.30 )"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "fast/tools",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r10.01 )"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r1.01 and r1.02)"
},
{
"model": "prm",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.12.00 )"
},
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.02.10 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "opc server for windows (r3.40 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vds (r7.30.01 )"
},
{
"model": "for field wireless opc server",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.01.02 )"
},
{
"model": "centum centum vp entry",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "stardom vds r7.30.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom opc server for windows r3.40",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r3.02.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r2.03.80",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r1.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.12.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.11.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05-sp2",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.03",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r10.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exasmoc r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exarqe r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.85.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.80.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.02.50",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaplog r3.40.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.71.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.56",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs entry r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.07",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.06",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.05",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.04",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.03",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.02",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.01",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000cs r5.05.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum vp",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5628"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5628",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05995",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "81247038-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83589",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5628",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5628",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05995",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-479",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83589",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5628",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. \nSuccessful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS 3000, etc. are all products of Japan Yokogawa (Yokogawa). Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5628",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-253-01",
"trust": 3.5
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05995",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92677348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852",
"trust": 0.8
},
{
"db": "BID",
"id": "76709",
"trust": 0.4
},
{
"db": "IVD",
"id": "81247038-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83589",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5628",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"id": "VAR-202002-0867",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
}
],
"trust": 1.3960373416666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
}
]
},
"last_update_date": "2023-12-18T12:35:45.366000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch for Yokogawa Multiple Product Stack Buffer Overflow Vulnerability (CNVD-2015-05995)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63993"
},
{
"title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-253-01"
},
{
"trust": 2.1,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-15-0003e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5626"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5627"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92677348/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5628"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-83589"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-05T19:15:10.397000",
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"date": "2015-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83589"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-12T20:16:13.513000",
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM Including multiple YOKOGAWA Multiple vulnerabilities in product communication functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
],
"trust": 0.6
}
}
var-202203-0853
Vulnerability from variot
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0853",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22141"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines from Dragos reported these vulnerabilities to Yokogawa.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
],
"trust": 0.6
},
"cve": "CVE-2022-22141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-414057",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-22141",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1159",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414057",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414057"
},
{
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u0027Long-term Data Archive Package\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"db": "VULHUB",
"id": "VHN-414057"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-22141",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-083-01",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1159",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414057",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414057"
},
{
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"id": "VAR-202203-0853",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414057"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:26.953000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186759"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414057"
},
{
"db": "NVD",
"id": "CVE-2022-22141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-22141/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-083-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414057"
},
{
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414057"
},
{
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414057"
},
{
"date": "2022-03-11T09:15:11.460000",
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414057"
},
{
"date": "2022-03-18T15:14:17.510000",
"db": "NVD",
"id": "CVE-2022-22141"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Permission Licensing and Access Control Issue Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1159"
}
],
"trust": 0.6
}
}
var-202203-0851
Vulnerability from variot
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202203-0851",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000 entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp entry",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "exaopc",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp",
"scope": "lt",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21177"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21177"
}
]
},
"cve": "CVE-2022-21177",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-414054",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-21177",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202203-1155",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-414054",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414054"
},
{
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"db": "VULHUB",
"id": "VHN-414054"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21177",
"trust": 1.7
},
{
"db": "CS-HELP",
"id": "SB2022032906",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1276",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1155",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-414054",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414054"
},
{
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"id": "VAR-202203-0851",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-414054"
}
],
"trust": 0.3653070266666667
},
"last_update_date": "2023-12-18T11:56:27.132000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Yokogawa Exaopc Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186337"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414054"
},
{
"db": "NVD",
"id": "CVE-2022-21177"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://web-material3.yokogawa.com/1/32094/files/ysar-22-0001-e.pdf"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032906"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1276"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21177/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-414054"
},
{
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-414054"
},
{
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-11T00:00:00",
"db": "VULHUB",
"id": "VHN-414054"
},
{
"date": "2022-03-11T09:15:11.153000",
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"date": "2022-03-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-03-18T00:00:00",
"db": "VULHUB",
"id": "VHN-414054"
},
{
"date": "2022-03-18T14:09:31.670000",
"db": "NVD",
"id": "CVE-2022-21177"
},
{
"date": "2022-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Exaopc Path traversal vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202203-1155"
}
],
"trust": 0.6
}
}
var-202002-0865
Vulnerability from variot
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0865",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.10"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "field wireless device opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.02"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.85.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.03.04"
},
{
"model": "stardom opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.96.10"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.02"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "plant resource manager",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.12.00"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.30"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "versatile data server software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.30.01"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01"
},
{
"model": "scada software \\",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r10.01"
},
{
"model": "exaopc \u003c=r3.72.00",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r7.03.04 )"
},
{
"model": "b/m9000cs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.05.01 )"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.08.70 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.09.50 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r3.09.50 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic (r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r5.04.20 )"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.72.00 )"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.96.10 )"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.40.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.85.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "/batch (r2.50.30 )"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "fast/tools",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r10.01 )"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r1.01 and r1.02)"
},
{
"model": "prm",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.12.00 )"
},
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.02.10 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "opc server for windows (r3.40 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vds (r7.30.01 )"
},
{
"model": "for field wireless opc server",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.01.02 )"
},
{
"model": "centum centum vp entry",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "stardom vds r7.30.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom opc server for windows r3.40",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r3.02.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r2.03.80",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r1.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.12.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.11.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05-sp2",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.03",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r10.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exasmoc r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exarqe r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.85.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.80.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.02.50",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaplog r3.40.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.71.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.56",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs entry r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.07",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.06",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.05",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.04",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.03",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.02",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.01",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000cs r5.05.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum vp",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5626"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05997",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "8128c7be-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83587",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5626",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05997",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-477",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83587",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5626",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. \nSuccessful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5626",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-253-01",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2015-05997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92677348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852",
"trust": 0.8
},
{
"db": "BID",
"id": "76709",
"trust": 0.4
},
{
"db": "IVD",
"id": "8128C7BE-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83587",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5626",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"id": "VAR-202002-0865",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
}
],
"trust": 1.3960373416666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
}
]
},
"last_update_date": "2023-12-18T12:35:45.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch of Yokogawa Multiple Product Stack Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63995"
},
{
"title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-253-01"
},
{
"trust": 2.1,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-15-0003e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5626"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5627"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92677348/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5626"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-83587"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-05T19:15:10.240000",
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"date": "2015-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83587"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-12T19:29:49.680000",
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Multiple Product Stack Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
],
"trust": 0.6
}
}
cve-2015-5627
Vulnerability from cvelistv5
Published
2020-02-05 18:45
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:45:58",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5627",
"datePublished": "2020-02-05T18:45:58",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5628
Vulnerability from cvelistv5
Published
2020-02-05 18:46
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5628",
"datePublished": "2020-02-05T18:46:01",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5626
Vulnerability from cvelistv5
Published
2020-02-05 18:46
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5626",
"datePublished": "2020-02-05T18:46:05",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}