All the vulnerabilites related to yokogawa - b\/m9000cs
cve-2020-5609
Vulnerability from cvelistv5
Published
2020-08-05 13:12
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU97997181/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CAMS for HIS |
Version: CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:12:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5609",
"datePublished": "2020-08-05T13:12:59",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3888
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf | x_refsource_CONFIRM | |
| http://www.exploit-db.com/exploits/34009 | exploit, x_refsource_EXPLOIT-DB | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01 | x_refsource_MISC | |
| http://osvdb.org/show/osvdb/108756 | vdb-entry, x_refsource_OSVDB | |
| http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:57:17.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf"
},
{
"name": "34009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01"
},
{
"name": "108756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/show/osvdb/108756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-12T18:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf"
},
{
"name": "34009",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01"
},
{
"name": "108756",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/show/osvdb/108756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2014-3888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf"
},
{
"name": "34009",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34009"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01"
},
{
"name": "108756",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/108756"
},
{
"name": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2014-3888",
"datePublished": "2014-07-10T10:00:00",
"dateReserved": "2014-05-27T00:00:00",
"dateUpdated": "2024-08-06T10:57:17.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0782
Vulnerability from cvelistv5
Published
2014-05-16 10:00
Modified
2024-08-06 09:27
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf | x_refsource_CONFIRM | |
| http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:27:19.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-16T02:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-0782",
"datePublished": "2014-05-16T10:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:27:19.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5627
Vulnerability from cvelistv5
Published
2020-02-05 18:45
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:45:58",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5627",
"datePublished": "2020-02-05T18:45:58",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5628
Vulnerability from cvelistv5
Published
2020-02-05 18:46
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5628",
"datePublished": "2020-02-05T18:46:01",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30707
Vulnerability from cvelistv5
Published
2022-06-28 10:05
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf | x_refsource_MISC | |
| https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU92819891/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CAMS for HIS |
Version: CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Violation of Secure Design Principles",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T10:05:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Violation of Secure Design Principles"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92819891/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30707",
"datePublished": "2022-06-28T10:05:59",
"dateReserved": "2022-06-06T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5626
Vulnerability from cvelistv5
Published
2020-02-05 18:46
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5626",
"datePublished": "2020-02-05T18:46:05",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26593
Vulnerability from cvelistv5
Published
2023-04-11 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM series |
Version: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98775218/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM series",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext storage of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98775218/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-26593",
"datePublished": "2023-04-11T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T11:53:53.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5608
Vulnerability from cvelistv5
Published
2020-08-05 13:13
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU97997181/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CAMS for HIS |
Version: CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:13:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5608",
"datePublished": "2020-08-05T13:13:02",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 02:33
Severity ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| vultures@jpcert.or.jp | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B8CF6-8FC2-4E3A-AB76-73E987726C0E",
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0B579-F479-488F-8E62-DA698E2DA33F",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111B964C-8A95-4751-829C-A5EEB0801D0A",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CACAE33-FBCD-4C71-80F4-A0533846C41E",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA4DF1-5E0C-4E6D-9EF3-71A0CD57DB09",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C8F8A-D82A-483E-958F-C210D6B152B7",
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC20D0-9D4F-42BF-B308-03343603CC3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036843EA-6A69-411E-B0F5-FFA710E7C1AD",
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D42D7A-D6E5-445F-B82B-E891DB489BC0",
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B26B69-6D27-4123-8B98-A64F649488AF",
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567F1E51-190B-4C7E-AB51-9E78D028C4C1",
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F434B396-76F3-43A0-BD20-8D43E78279DC",
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99EEE22E-7C6E-4B0C-92CC-542BE80CEA5E",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC7E5E-37A1-43B3-9276-F37B7B8708B7",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C6FDC-2AB5-461D-AB7B-FAD56A5BFD05",
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DE5CB8-1677-40D3-B0F9-F2783F264715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A931F-E772-43FB-A771-76979044326F",
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0899439-BF70-4511-87CA-98AC62EBF40D",
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29F7E5-54B9-4738-B8E5-B0E618C907BA",
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26466967-050B-4875-B2CD-BB918E33A7DC",
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63546CAB-2A76-4974-8B11-9893B7EC01E8",
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD722C9-63AD-4A71-8916-0B27956420C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2F7A7-847B-4C3E-B128-CAC09BF828CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "849A4355-8BF5-41E8-92B6-FCF28DFA2692",
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE5D11B-6877-4390-B9F6-6610761DB902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Yokogawa CENTUM CS 1000 versiones R3.08.70 y anteriores, CENTUM CS 3000 versiones R3.09.50 y anteriores, CENTUM CS 3000 Entry versiones R3.09.50 y anteriores, CENTUM VP versiones R5.04.20 y anteriores, CENTUM VP Entry versiones R5.04.20 y anteriores, ProSafe-RS versiones R3.02.10 y anteriores, Exaopc versiones R3.72.00 y anteriores, Exaquantum versiones R2.85.00 y anteriores, Exaquantum/Batch versiones R2.50.30 y anteriores, Exapilot versiones R3.96.10 y anteriores, Exaplog versiones R3.40.00 y anteriores, Exasmoc versiones R4.03.20 y anteriores, Exarqe versiones R4.03.20 y anteriores, Field Wireless Device OPC Server versiones R2.01.02 y anteriores, PRM versiones R3.12.00 y anteriores, STARDOM VDS versiones R7.30.01 y anteriores, STARDOM OPC Server for Windows versiones R3.40 y anteriores, FAST/TOOLS versiones R10.01 y anteriores, B/M9000CS versiones R5.05.01 y anteriores, B/M9000 VP versiones R7.03.04 y anteriores, y FieldMate versiones R1.01 o R1.02, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2015-5628",
"lastModified": "2024-11-21T02:33:27.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:10.397",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-10 11:06
Modified
2024-11-21 02:09
Severity ?
Summary
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | exaopc | * | |
| yokogawa | exaopc | 3.71.02 | |
| yokogawa | b\/m9000cs_software | * | |
| yokogawa | b\/m9000cs | - | |
| yokogawa | centum_vp_entry_class_software | * | |
| yokogawa | centum_vp_entry_class | - | |
| yokogawa | centum_vp_software | * | |
| yokogawa | centum_vp_software | 4.03.00 | |
| yokogawa | centum_vp | - | |
| yokogawa | b\/m9000_vp_software | * | |
| yokogawa | b\/m9000_vp | - | |
| yokogawa | centum_cs_3000 | r3.01 | |
| yokogawa | centum_cs_3000 | r3.02 | |
| yokogawa | centum_cs_3000 | r3.03 | |
| yokogawa | centum_cs_3000 | r3.04 | |
| yokogawa | centum_cs_3000 | r3.05 | |
| yokogawa | centum_cs_3000 | r3.06 | |
| yokogawa | centum_cs_3000 | r3.07 | |
| yokogawa | centum_cs_3000 | r3.08 | |
| yokogawa | centum_cs_3000 | r3.08.50 | |
| yokogawa | centum_cs_3000 | r3.08.70 | |
| yokogawa | centum_cs_3000 | r3.09 | |
| yokogawa | centum_cs_3000 | r3.09.50 | |
| yokogawa | centum_cs_3000_software | * | |
| yokogawa | centum_cs_3000 | - | |
| yokogawa | centum_cs_1000_software | - | |
| yokogawa | centum_cs_1000 | - | |
| yokogawa | centum_cs_3000_entry_class_software | * | |
| yokogawa | centum_cs_3000_entry_class | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3E0C7C-986A-4A07-847F-D40D194C8A06",
"versionEndIncluding": "3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:3.71.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CD8C689E-7952-43A8-82F7-C9FA4591899C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000cs_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B08DC609-2458-419B-BC7C-ED97E126E476",
"versionEndIncluding": "5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1C581A-7E30-442A-898B-76C0E35B8376",
"versionEndIncluding": "5.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1FD75F-66BF-423E-A491-E5689C7B6AEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31AF6BF2-A797-439D-AAC5-A6C4E8D6D34F",
"versionEndIncluding": "5.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_software:4.03.00:*:*:*:*:*:*:*",
"matchCriteriaId": "41986FD4-F223-4B3C-917F-B132AA082B70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D447032-B9EA-4FDF-A61B-DD5D2BAF6910",
"versionEndIncluding": "7.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "40831829-1F44-439C-9A19-7DAAFD36E32F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F916DD-24BC-4955-9C30-A52C2A41B69C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "D660F6DA-8694-4F23-B967-299953DFD293",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A408C8-A7CF-439D-85E5-0DD8056A5908",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "CA37B07D-505E-414A-9E69-E2AAB239CA35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
"matchCriteriaId": "32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B75CD-C0BA-4046-A49E-9903B3B5972C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
"matchCriteriaId": "E07B64DB-E820-467B-A603-971970637FB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
"matchCriteriaId": "6813F466-42F8-4013-97A4-DA6E5D7C52F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
"matchCriteriaId": "7B0FEB1C-1427-4875-82C6-7EBD2B262766",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
"matchCriteriaId": "1824EC58-BCB1-4876-8729-2B6FF2FF8D1D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*",
"matchCriteriaId": "6B948C6E-88E0-4255-BBFF-06EA3EE3E532",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B32F16C-DDF7-4D36-9C2F-28360378C056",
"versionEndIncluding": "2.23.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_1000_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBB5E05-B97C-47BF-9D96-ED5B2B40C978",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B45F61B-53C2-4FE4-B2E9-62130E15948D",
"versionEndIncluding": "3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF69433-979D-470A-85E5-4734E5998F63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en BKFSim_vhfd.exe en Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 y anteriores, CENTUM VP R5.03.20 y anteriores, Exaopc R3.72.00 y anteriores, B/M9000CS R5.05.01 y anteriores y B/M9000 VP R7.03.01 y anteriores, cuando FCS/Test Function est\u00e1 habilitada, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado."
}
],
"id": "CVE-2014-3888",
"lastModified": "2024-11-21T02:09:04.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-10T11:06:28.880",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://osvdb.org/show/osvdb/108756"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.exploit-db.com/exploits/34009"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/show/osvdb/108756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/34009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 02:33
Severity ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| vultures@jpcert.or.jp | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B8CF6-8FC2-4E3A-AB76-73E987726C0E",
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0B579-F479-488F-8E62-DA698E2DA33F",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111B964C-8A95-4751-829C-A5EEB0801D0A",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CACAE33-FBCD-4C71-80F4-A0533846C41E",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA4DF1-5E0C-4E6D-9EF3-71A0CD57DB09",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C8F8A-D82A-483E-958F-C210D6B152B7",
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC20D0-9D4F-42BF-B308-03343603CC3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036843EA-6A69-411E-B0F5-FFA710E7C1AD",
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D42D7A-D6E5-445F-B82B-E891DB489BC0",
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B26B69-6D27-4123-8B98-A64F649488AF",
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567F1E51-190B-4C7E-AB51-9E78D028C4C1",
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F434B396-76F3-43A0-BD20-8D43E78279DC",
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99EEE22E-7C6E-4B0C-92CC-542BE80CEA5E",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC7E5E-37A1-43B3-9276-F37B7B8708B7",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C6FDC-2AB5-461D-AB7B-FAD56A5BFD05",
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DE5CB8-1677-40D3-B0F9-F2783F264715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A931F-E772-43FB-A771-76979044326F",
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0899439-BF70-4511-87CA-98AC62EBF40D",
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29F7E5-54B9-4738-B8E5-B0E618C907BA",
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26466967-050B-4875-B2CD-BB918E33A7DC",
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63546CAB-2A76-4974-8B11-9893B7EC01E8",
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD722C9-63AD-4A71-8916-0B27956420C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2F7A7-847B-4C3E-B128-CAC09BF828CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "849A4355-8BF5-41E8-92B6-FCF28DFA2692",
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE5D11B-6877-4390-B9F6-6610761DB902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Yokogawa CENTUM CS 1000 versiones R3.08.70 y anteriores, CENTUM CS 3000 versiones R3.09.50 y anteriores, CENTUM CS 3000 Entry versiones R3.09.50 y anteriores, CENTUM VP versiones R5.04.20 y anteriores, CENTUM VP Entry versiones R5.04.20 y anteriores, ProSafe-RS versiones R3.02.10 y anteriores, Exaopc versiones R3.72.00 y anteriores, Exaquantum versiones R2.85.00 y anteriores, Exaquantum/Batch versiones R2.50.30 y anteriores, Exapilot versiones R3.96.10 y anteriores, Exaplog versiones R3.40.00 y anteriores, Exasmoc versiones R4.03.20 y anteriores, Exarqe versiones R4.03.20 y anteriores, Field Wireless Device OPC Server versiones R2.01.02 y anteriores, PRM versiones R3.12.00 y anteriores, STARDOM VDS versiones R7.30.01 y anteriores, STARDOM OPC Server for Windows versiones R3.40 y anteriores, FAST/TOOLS versiones R10.01 y anteriores, B/M9000CS versiones R5.05.01 y anteriores, B/M9000 VP versiones R7.03.04 y anteriores, y FieldMate versiones R1.01 o R1.02, permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de comunicaciones de red) por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2015-5626",
"lastModified": "2024-11-21T02:33:26.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:10.240",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-11 09:15
Modified
2024-11-21 07:51
Severity ?
Summary
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | b\/m9000_vp | * | |
| yokogawa | b\/m9000_vp | * | |
| yokogawa | b\/m9000cs | * | |
| yokogawa | centum_cs_1000 | * | |
| yokogawa | centum_cs_3000 | * | |
| yokogawa | centum_cs_3000_entry_class | * | |
| yokogawa | centum_vp | * | |
| yokogawa | centum_vp | * | |
| yokogawa | centum_vp | * | |
| yokogawa | centum_vp_entry_class | * | |
| yokogawa | centum_vp_entry_class | * | |
| yokogawa | centum_vp_entry_class | * | |
| yokogawa | exaopc | * | |
| yokogawa | exaopc | * | |
| yokogawa | exaopc | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB7BFFC-DD4C-480F-84C0-552982A0C0CF",
"versionEndIncluding": "r7.04.51",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E598505-F0AB-4752-AFC7-5C64DF26FF8F",
"versionStartIncluding": "r8.01.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000cs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2FE8C0-18CB-4D76-8287-743554CE7C44",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE15C1F0-43CB-45AD-86FA-B6BEB897E88C",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E566F3FA-B3A4-467A-8F9C-A988DCDDABF0",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A40BBD9-478C-4441-A9E6-953433C547B8",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80CB728F-623F-4284-B337-15A40A8497BD",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29370D5F-14C3-4A72-B315-F410FED14AB7",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAB0E32-C52A-45C5-AE41-90E4BA186FB7",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A36B940-A7DF-4388-AB66-9C048525646D",
"versionEndIncluding": "r4.02.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32B4A888-BFDD-4E51-934B-BD35C584F073",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4B8DCD-FE30-486C-A9AD-8BC31F48F7C8",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68410A9F-F9E8-48B5-AAEB-22F64F6195A1",
"versionEndIncluding": "r1.20.00",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F4A94E-6179-4769-BCB1-F7588BE4763B",
"versionEndIncluding": "r2.10.00",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3D8BED-A853-4D07-80E9-A1B46C1F65DA",
"versionStartIncluding": "r3.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later"
}
],
"id": "CVE-2023-26593",
"lastModified": "2024-11-21T07:51:49.287",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-04-11T09:15:08.067",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU98775218/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU98775218/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 13:15
Modified
2024-11-21 07:03
Severity ?
Summary
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU92819891/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU92819891/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F459A677-FC9F-42C6-A422-A5B8AF036935",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF69433-979D-470A-85E5-4734E5998F63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "844AD54B-ACAC-40A2-8A03-1536032DFBF3",
"versionEndIncluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3C914C-C755-42A3-BB6B-495EA1E49D24",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97D7746F-EC59-40B6-9C4F-C214C1E597B2",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B55FD93-B02F-4A2B-8CA2-7B243BB11E31",
"versionEndIncluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1FD75F-66BF-423E-A491-E5689C7B6AEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "934616AD-FD83-4311-AA4E-6A2A06C34F08",
"versionEndIncluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA76D9D-CBD5-44E0-8462-9E704E8799BA",
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000cs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2FE8C0-18CB-4D76-8287-743554CE7C44",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
},
{
"lang": "es",
"value": "Se presenta una violaci\u00f3n de los principios de dise\u00f1o seguro en la comunicaci\u00f3n de CAMS para HIS. Los productos y versiones afectados son: la serie CENTUM en la que est\u00e1 instalado el LHS4800 (CENTUM CS 3000 y CENTUM CS 3000 Small R3.08.10 a R3.09.00), la serie CENTUM en la que se usa la funci\u00f3n CAMS (CENTUM VP, CENTUM VP Small y CENTUM VP Basic R4.01.00 a R4.03. 00), la serie CENTUM independientemente del uso de la funci\u00f3n CAMS (CENTUM VP, CENTUM VP Small y CENTUM VP Basic R5.01.00 a R5.04.20 y R6.01.00 a R6.09.00), Exaopc R3. 72.00 a R3.80.00 (s\u00f3lo si est\u00e1 instalado el NTPF100-S6 \"Para CENTUM soporte VP CAMS para HIS\"), B/M9000 CS R5.04.01 a R5.05.01, y B/M9000 VP R6.01.01 a R8.03.01). Si un atacante adyacente logra comprometer un ordenador usando el software CAMS for HIS, puede usar las credenciales de la m\u00e1quina comprometida para acceder a los datos de otra m\u00e1quina que use el software CAMS for HIS. Esto puede conllevar a una inhabilitaci\u00f3n de las funciones del software CAMS for HIS en cualquier m\u00e1quina afectada, o la divulgaci\u00f3n/alteraci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2022-30707",
"lastModified": "2024-11-21T07:03:13.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T13:15:12.497",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-05 14:15
Modified
2024-11-21 05:34
Severity ?
Summary
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | centum_cs_3000_firmware | * | |
| yokogawa | centum_cs_3000 | - | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp | - | |
| yokogawa | b\/m9000cs_firmware | * | |
| yokogawa | b\/m9000cs | - | |
| yokogawa | b\/m9000vp_firmware | * | |
| yokogawa | b\/m9000vp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB5C1D3-A410-478C-AEBC-7A85A30B39BC",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D122C-CAFD-4AA5-A45B-A51E2F024D67",
"versionEndIncluding": "r6.07.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3131E58F-D32D-4FDC-AAD1-DE7BBAC10659",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9458CCD1-1820-4395-95CD-AEAC589DA4B2",
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86DDD4A8-FE34-4446-A0C2-4E282F881068",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01 y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permiten a un atacante remoto no autenticado crear o sobrescribir archivos arbitrarios y ejecutar comandos arbitrarios por medio de vectores no especificados"
}
],
"id": "CVE-2020-5609",
"lastModified": "2024-11-21T05:34:21.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-05T14:15:13.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-16 11:12
Modified
2024-11-21 02:02
Severity ?
Summary
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01 | US Government Resource | |
| ics-cert@hq.dhs.gov | http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000cs_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B08DC609-2458-419B-BC7C-ED97E126E476",
"versionEndIncluding": "5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_1000_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBB5E05-B97C-47BF-9D96-ED5B2B40C978",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B32F16C-DDF7-4D36-9C2F-28360378C056",
"versionEndIncluding": "2.23.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B45F61B-53C2-4FE4-B2E9-62130E15948D",
"versionEndIncluding": "3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF69433-979D-470A-85E5-4734E5998F63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32141043-016F-4CC0-8CDD-F1004C8BDCEE",
"versionEndIncluding": "3.71.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D447032-B9EA-4FDF-A61B-DD5D2BAF6910",
"versionEndIncluding": "7.03.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1C581A-7E30-442A-898B-76C0E35B8376",
"versionEndIncluding": "5.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1FD75F-66BF-423E-A491-E5689C7B6AEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0FEDD5-351D-466D-B2E9-0A8D4BBF575B",
"versionEndIncluding": "4.03.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en BKESimmgr.exe en el paquete Expanded Test Functions en Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 y anteriores, CENTUM VP R5.03.00 y anteriores, CENTUM VP Entry Class R5.03.00 y anteriores, Exaopc R3.71.02 y anteriores, B/M9000CS R5.05.01 y anteriores y B/M9000 VP R7.03.01 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un paquete manipulado."
}
],
"id": "CVE-2014-0782",
"lastModified": "2024-11-21T02:02:47.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-16T11:12:00.243",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-05 14:15
Modified
2024-11-21 05:34
Severity ?
Summary
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | centum_cs_3000_firmware | * | |
| yokogawa | centum_cs_3000 | - | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp | - | |
| yokogawa | b\/m9000cs_firmware | * | |
| yokogawa | b\/m9000cs | - | |
| yokogawa | b\/m9000vp_firmware | * | |
| yokogawa | b\/m9000vp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB5C1D3-A410-478C-AEBC-7A85A30B39BC",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D122C-CAFD-4AA5-A45B-A51E2F024D67",
"versionEndIncluding": "r6.07.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3131E58F-D32D-4FDC-AAD1-DE7BBAC10659",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9458CCD1-1820-4395-95CD-AEAC589DA4B2",
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86DDD4A8-FE34-4446-A0C2-4E282F881068",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
},
{
"lang": "es",
"value": "CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01, y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permite a un atacante remoto no autenticado omitir la autenticaci\u00f3n y enviar paquetes de comunicaci\u00f3n alterados por medio de vectores no especificados"
}
],
"id": "CVE-2020-5608",
"lastModified": "2024-11-21T05:34:21.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-05T14:15:13.107",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 02:33
Severity ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| vultures@jpcert.or.jp | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B8CF6-8FC2-4E3A-AB76-73E987726C0E",
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0B579-F479-488F-8E62-DA698E2DA33F",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111B964C-8A95-4751-829C-A5EEB0801D0A",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CACAE33-FBCD-4C71-80F4-A0533846C41E",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA4DF1-5E0C-4E6D-9EF3-71A0CD57DB09",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C8F8A-D82A-483E-958F-C210D6B152B7",
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC20D0-9D4F-42BF-B308-03343603CC3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036843EA-6A69-411E-B0F5-FFA710E7C1AD",
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D42D7A-D6E5-445F-B82B-E891DB489BC0",
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B26B69-6D27-4123-8B98-A64F649488AF",
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567F1E51-190B-4C7E-AB51-9E78D028C4C1",
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F434B396-76F3-43A0-BD20-8D43E78279DC",
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99EEE22E-7C6E-4B0C-92CC-542BE80CEA5E",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC7E5E-37A1-43B3-9276-F37B7B8708B7",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C6FDC-2AB5-461D-AB7B-FAD56A5BFD05",
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DE5CB8-1677-40D3-B0F9-F2783F264715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A931F-E772-43FB-A771-76979044326F",
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0899439-BF70-4511-87CA-98AC62EBF40D",
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29F7E5-54B9-4738-B8E5-B0E618C907BA",
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26466967-050B-4875-B2CD-BB918E33A7DC",
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63546CAB-2A76-4974-8B11-9893B7EC01E8",
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD722C9-63AD-4A71-8916-0B27956420C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2F7A7-847B-4C3E-B128-CAC09BF828CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "849A4355-8BF5-41E8-92B6-FCF28DFA2692",
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE5D11B-6877-4390-B9F6-6610761DB902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Yokogawa CENTUM CS 1000 versiones R3.08.70 y anteriores, CENTUM CS 3000 versiones R3.09.50 y anteriores, CENTUM CS 3000 Entry versiones R3.09.50 y anteriores, CENTUM VP versiones R5.04.20 y anteriores, CENTUM VP Entry versiones R5.04.20 y anteriores, ProSafe-RS versiones R3.02.10 y anteriores, Exaopc versiones R3.72.00 y anteriores, Exaquantum versiones R2.85.00 y anteriores, Exaquantum/Batch versiones R2.50.30 y anteriores, Exapilot versiones R3.96.10 y anteriores, Exaplog versiones R3.40.00 y anteriores, Exasmoc versiones R4.03.20 y anteriores, Exarqe versiones R4.03.20 y anteriores, Field Wireless Device OPC Server versiones R2.01.02 y anteriores, PRM versiones R3.12.00 y anteriores, STARDOM VDS versiones R7.30.01 y anteriores, STARDOM OPC Server for Windows versiones R3.40 y anteriores, FAST/TOOLS versiones R10.01 y anteriores, B/M9000CS versiones R5.05.01 y anteriores, B/M9000 VP versiones R7.03.04 y anteriores, y FieldMate versiones R1.01 o R1.02, permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n del proceso) por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2015-5627",
"lastModified": "2024-11-21T02:33:26.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:10.350",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-202304-0092
Vulnerability from variot
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. The following conditions are required for this vulnerability to be exploited
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202304-0092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum vp entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.10.00"
},
{
"model": "b\\/m9000cs",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.01"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01.00"
},
{
"model": "b\\/m9000 vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.01"
},
{
"model": "centum cs 3000 entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.20.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "b\\/m9000 vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r8.01.01"
},
{
"model": "centum vp entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum cs 3000 entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.01.00"
},
{
"model": "centum vp entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.02.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.04.51"
},
{
"model": "centum cs 1000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.00"
},
{
"model": "centum vp",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "b/m9000 cs",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "b/m9000 vp",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "centum cs 3000",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "centum cs 1000",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000cs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "r6.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "r6.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.02.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_1000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.10.00",
"versionStartIncluding": "r2.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r1.20.00",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "r3.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "r8.01.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.04.51",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"cve": "CVE-2023-26593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2023-001411",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2023-26593",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2023-001411",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202304-364",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
},
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. The following conditions are required for this vulnerability to be exploited",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-26593"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-26593",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVNVU98775218",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-001411",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-202304-364",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
},
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"id": "VAR-202304-0092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.42684549333333327
},
"last_update_date": "2024-06-02T22:57:47.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-23-0001",
"trust": 0.8,
"url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234540"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.0
},
{
"problemtype": "Plaintext storage of important information (CWE-312) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/en/vu/jvnvu98775218/"
},
{
"trust": 1.6,
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98775218/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-26593"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-001411.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-26593/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
},
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
},
{
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-04-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"date": "2023-04-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-364"
},
{
"date": "2023-04-11T09:15:08.067000",
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-29T09:09:00",
"db": "JVNDB",
"id": "JVNDB-2023-001411"
},
{
"date": "2023-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202304-364"
},
{
"date": "2023-04-21T03:47:41.653000",
"db": "NVD",
"id": "CVE-2023-26593"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Electric \u00a0CENTUM\u00a0 Vulnerability of Plaintext Storage of Important Information in Series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-001411"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202304-364"
}
],
"trust": 0.6
}
}
var-201405-0456
Vulnerability from variot
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet. plural YOKOGAWA Product extended test function package BKESimmgr.exe Contains a stack-based buffer overflow vulnerability.A third party may be able to execute arbitrary code via a crafted packet. The Yokogawa CENTUM CS3000 is a production control system. Yokogawa's multiple product simulator management process has a stack buffer overflow vulnerability due to the Yokogawa CENTUM CS3000 BKESimmgr.exe service failing to properly use memcpy to handle user-submitted special requests, allowing remote attackers to exploit vulnerabilities for buffer overflow attacks, making applications The context executes arbitrary code. Multiple Yokogawa products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with system privileges. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Version 71.02 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.0 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201405-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 1000 software",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000cs",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp entry class",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs 3000 entry class software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "3.09.50"
},
{
"model": "centum cs 3000 software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "2.23.00"
},
{
"model": "b\\/m9000 vp software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "7.03.01"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000 vp",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry class software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "5.03.00"
},
{
"model": "centum cs 3000 entry class",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "4.03.00"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000cs software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "5.05.01"
},
{
"model": "b/m9000 vp",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "b/m9000 vp software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r7.03.01"
},
{
"model": "b/m9000cs",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "b/m9000cs software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.05.01"
},
{
"model": "centum cs 1000",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 1000 software",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000 entry class",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000 entry class software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.09.50"
},
{
"model": "centum cs 3000 software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r2.23.00"
},
{
"model": "centum vp",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum vp entry class",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum vp entry class software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.03.00"
},
{
"model": "centum vp software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.03.00"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.71.02"
},
{
"model": "cs3000",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000 entry class software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3.09.50"
},
{
"model": "b\\/m9000cs software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "5.05.01"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum cs 3000 software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "2.23.00"
},
{
"model": "centum vp entry class software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "5.03.00"
},
{
"model": "b\\/m9000 vp software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "7.03.01"
},
{
"model": "centum vp software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "4.03.00"
},
{
"model": "cs3000",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa electric",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000cs_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_1000_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.23.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.71.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.03.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_entry_class_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.03.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.03.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0782"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "juan vazquez",
"sources": [
{
"db": "BID",
"id": "67324"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0782",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0782",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-03050",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-68275",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0782",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-03050",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201405-286",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-68275",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "VULHUB",
"id": "VHN-68275"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet. plural YOKOGAWA Product extended test function package BKESimmgr.exe Contains a stack-based buffer overflow vulnerability.A third party may be able to execute arbitrary code via a crafted packet. The Yokogawa CENTUM CS3000 is a production control system. Yokogawa\u0027s multiple product simulator management process has a stack buffer overflow vulnerability due to the Yokogawa CENTUM CS3000 BKESimmgr.exe service failing to properly use memcpy to handle user-submitted special requests, allowing remote attackers to exploit vulnerabilities for buffer overflow attacks, making applications The context executes arbitrary code. Multiple Yokogawa products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nSuccessful exploits may allow an attacker to execute arbitrary code with system privileges. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Version 71.02 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.0 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "BID",
"id": "67324"
},
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-68275"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-68275",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68275"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0782",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-133-01",
"trust": 2.5
},
{
"db": "BID",
"id": "67324",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-03050",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-14-070-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98181377",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "33331",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "33331",
"trust": 0.6
},
{
"db": "IVD",
"id": "FB553AC2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "126573",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-86556",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-68275",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "VULHUB",
"id": "VHN-68275"
},
{
"db": "BID",
"id": "67324"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"id": "VAR-201405-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "VULHUB",
"id": "VHN-68275"
}
],
"trust": 1.4101788266666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
}
]
},
"last_update_date": "2023-12-18T12:21:23.728000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-14-0001: CENTUM \u3092\u542b\u3080 YOKOGAWA \u88fd\u54c1\u306b\u8907\u6570\u306e\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/ysar-14-0001.pdf"
},
{
"title": "Yokogawa Multiple Product Simulator Management Process Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/45632"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68275"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "NVD",
"id": "CVE-2014-0782"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-133-01"
},
{
"trust": 1.7,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-14-0001e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0782"
},
{
"trust": 0.8,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-070-01"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98181377/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0782"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/33331/"
},
{
"trust": 0.6,
"url": "https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-192-disclosure-yokogawa-centum-cs-3000-vulnerabilities"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "VULHUB",
"id": "VHN-68275"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"db": "VULHUB",
"id": "VHN-68275"
},
{
"db": "BID",
"id": "67324"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-16T00:00:00",
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"date": "2014-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-68275"
},
{
"date": "2014-05-09T00:00:00",
"db": "BID",
"id": "67324"
},
{
"date": "2014-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"date": "2014-05-16T11:12:00.243000",
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"date": "2014-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03050"
},
{
"date": "2014-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-68275"
},
{
"date": "2014-05-16T00:51:00",
"db": "BID",
"id": "67324"
},
{
"date": "2014-05-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002535"
},
{
"date": "2014-05-19T14:57:56.633000",
"db": "NVD",
"id": "CVE-2014-0782"
},
{
"date": "2014-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Multiple Product Simulator Management Process Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-03050"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "fb553ac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201405-286"
}
],
"trust": 0.8
}
}
var-202008-0990
Vulnerability from variot
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. Provided by Yokogawa Electric Corporation CAMS for HIS Is vulnerable to several vulnerabilities: * Inappropriate authentication (CWE-287) - CVE-2020-5608 * Path traversal (CWE-22) - CVE-2020-5609The expected impact depends on each vulnerability, but it may be affected as follows. * A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608 * Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0990",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "b\\/m9000cs",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.01"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.07.00"
},
{
"model": "b\\/m9000vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r8.03.01"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "b\\/m9000vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.01"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "b/m9000cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vp r6.01.01 \u304b\u3089 r8.03.01"
},
{
"model": "b/m9000cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.04.01 \u304b\u3089 r5.05.01"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(centum cs 3000 small \u542b\u3080) r3.08.10 \u304b\u3089 r3.09.50"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(centum vp small, basic \u542b\u3080) r4.01.00 \u304b\u3089 r6.07.00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5608"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.07.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5608"
}
]
},
"cve": "CVE-2020-5608",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-007129",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-007129",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-007129",
"trust": 1.6,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2020-5608",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-165",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. Provided by Yokogawa Electric Corporation CAMS for HIS Is vulnerable to several vulnerabilities: * Inappropriate authentication (CWE-287) - CVE-2020-5608 * Path traversal (CWE-22) - CVE-2020-5609The expected impact depends on each vulnerability, but it may be affected as follows. * A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608 * Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU97997181",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-5608",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-224-01",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007129",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2759",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-165",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"id": "VAR-202008-0990",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2410628
},
"last_update_date": "2023-12-18T13:07:29.130000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-20-0001: CAMS for HIS\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126323"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5608"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/vu/jvnvu97997181/index.html"
},
{
"trust": 1.6,
"url": "https://web-material3.yokogawa.com/1/29820/files/ysar-20-0001-e.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5608"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5608"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5609"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97997181"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5609"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2759/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"date": "2020-08-05T14:15:13.107000",
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"date": "2020-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"date": "2020-08-12T13:27:52.507000",
"db": "NVD",
"id": "CVE-2020-5608"
},
{
"date": "2020-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Yokogawa Electric CAMS for HIS Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-165"
}
],
"trust": 0.6
}
}
var-202002-0866
Vulnerability from variot
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0866",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.10"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "field wireless device opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.02"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.85.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.03.04"
},
{
"model": "stardom opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.96.10"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.02"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "plant resource manager",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.12.00"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.30"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "versatile data server software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.30.01"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01"
},
{
"model": "scada software \\",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r10.01"
},
{
"model": "exaopc \u003c=r3.72.00",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r7.03.04 )"
},
{
"model": "b/m9000cs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.05.01 )"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.08.70 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.09.50 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r3.09.50 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic (r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r5.04.20 )"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.72.00 )"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.96.10 )"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.40.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.85.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "/batch (r2.50.30 )"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "fast/tools",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r10.01 )"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r1.01 and r1.02)"
},
{
"model": "prm",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.12.00 )"
},
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.02.10 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "opc server for windows (r3.40 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vds (r7.30.01 )"
},
{
"model": "for field wireless opc server",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.01.02 )"
},
{
"model": "centum centum vp entry",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "stardom vds r7.30.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom opc server for windows r3.40",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r3.02.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r2.03.80",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r1.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.12.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.11.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05-sp2",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.03",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r10.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exasmoc r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exarqe r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.85.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.80.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.02.50",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaplog r3.40.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.71.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.56",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs entry r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.07",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.06",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.05",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.04",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.03",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.02",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.01",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000cs r5.05.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum vp",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5627"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5627",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05996",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "81266b0e-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83588",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5627",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5627",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05996",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-478",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83588",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5627",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. \nSuccessful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5627",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-253-01",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2015-05996",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92677348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852",
"trust": 0.8
},
{
"db": "BID",
"id": "76709",
"trust": 0.4
},
{
"db": "IVD",
"id": "81266B0E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83588",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5627",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"id": "VAR-202002-0866",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
}
],
"trust": 1.3960373416666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
}
]
},
"last_update_date": "2023-12-18T12:35:45.324000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch for Yokogawa Multiple Product Stack Buffer Overflow Vulnerability (CNVD-2015-05996)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63994"
},
{
"title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108066"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-253-01"
},
{
"trust": 2.1,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-15-0003e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5626"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5627"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92677348/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5627"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"db": "VULHUB",
"id": "VHN-83588"
},
{
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "IVD",
"id": "81266b0e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-83588"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-05T19:15:10.350000",
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"date": "2015-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05996"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83588"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5627"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-12T20:21:12.310000",
"db": "NVD",
"id": "CVE-2015-5627"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM Including multiple YOKOGAWA Multiple vulnerabilities in product communication functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-478"
}
],
"trust": 0.6
}
}
var-202206-1773
Vulnerability from variot
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Is a developer and ICS-CERT I made adjustments with.If this vulnerability is exploited, it may be affected as follows. * An attacker who has access to the computer on which the product is installed will obtain the account and password stored on that computer. As a result, another CAMS for HIS The data managed by is leaked or tampered with. * Different by the attacker who got the account and password CAMS for HIS Caused resource exhaustion in CAMS for HIS The function of is stopped
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1773",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "b\\/m9000cs",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.01"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum cs 3000 entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "b\\/m9000 vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.01"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum cs 3000 entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r8.03.01"
},
{
"model": "centum vp entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum vp entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.80.00"
},
{
"model": "centum vp entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "centum vp entry class",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "centum vp entry class",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.09.00"
},
{
"model": "centum cs 3000",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "b/m9000 vp",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "centum cs 3000 small",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "centum vp basic",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "b/m9000 cs",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exaopc",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "centum vp small",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "centum vp",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "NVD",
"id": "CVE-2022-30707"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_class_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000cs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30707"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines from Dragos, reported this vulnerability to Yokogawa., Inc.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
],
"trust": 0.6
},
"cve": "CVE-2022-30707",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-424307",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2022-001958",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-30707",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-001958",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2244",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-424307",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424307"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Is a developer and ICS-CERT I made adjustments with.If this vulnerability is exploited, it may be affected as follows. * An attacker who has access to the computer on which the product is installed will obtain the account and password stored on that computer. As a result, another CAMS for HIS The data managed by is leaked or tampered with. * Different by the attacker who got the account and password CAMS for HIS Caused resource exhaustion in CAMS for HIS The function of is stopped",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "VULHUB",
"id": "VHN-424307"
},
{
"db": "VULMON",
"id": "CVE-2022-30707"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU92819891",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-174-02",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2022-30707",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001958",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3072",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2244",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-424307",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-30707",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424307"
},
{
"db": "VULMON",
"id": "CVE-2022-30707"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"id": "VAR-202206-1773",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424307"
}
],
"trust": 0.5268454933333334
},
"last_update_date": "2023-12-18T12:34:22.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-22-0006",
"trust": 0.8,
"url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"title": "Yokogawa Exaopc Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=199972"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-30707"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
},
{
"trust": 2.6,
"url": "https://jvn.jp/vu/jvnvu92819891/index.html"
},
{
"trust": 1.8,
"url": "https://web-material3.yokogawa.com/1/32780/files/ysar-22-0006-e.pdf"
},
{
"trust": 1.8,
"url": "https://web-material3.yokogawa.com/19/32780/files/ysar-22-0006-j.pdf"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-174-02"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3072"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-30707/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424307"
},
{
"db": "VULMON",
"id": "CVE-2022-30707"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424307"
},
{
"db": "VULMON",
"id": "CVE-2022-30707"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-424307"
},
{
"date": "2022-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30707"
},
{
"date": "2022-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"date": "2022-06-28T13:15:12.497000",
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"date": "2022-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-14T00:00:00",
"db": "VULHUB",
"id": "VHN-424307"
},
{
"date": "2022-06-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-30707"
},
{
"date": "2022-06-28T01:48:00",
"db": "JVNDB",
"id": "JVNDB-2022-001958"
},
{
"date": "2023-08-08T14:21:49.707000",
"db": "NVD",
"id": "CVE-2022-30707"
},
{
"date": "2022-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CAMS\u00a0for\u00a0HIS\u00a0 Communication design flaw",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2244"
}
],
"trust": 0.6
}
}
var-202002-0867
Vulnerability from variot
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS 3000, etc. are all products of Japan Yokogawa (Yokogawa). Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0867",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.10"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "field wireless device opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.02"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.85.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.03.04"
},
{
"model": "stardom opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.96.10"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.02"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "plant resource manager",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.12.00"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.30"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "versatile data server software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.30.01"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01"
},
{
"model": "scada software \\",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r10.01"
},
{
"model": "exaopc \u003c=r3.72.00",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r7.03.04 )"
},
{
"model": "b/m9000cs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.05.01 )"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.08.70 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.09.50 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r3.09.50 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic (r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r5.04.20 )"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.72.00 )"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.96.10 )"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.40.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.85.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "/batch (r2.50.30 )"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "fast/tools",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r10.01 )"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r1.01 and r1.02)"
},
{
"model": "prm",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.12.00 )"
},
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.02.10 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "opc server for windows (r3.40 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vds (r7.30.01 )"
},
{
"model": "for field wireless opc server",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.01.02 )"
},
{
"model": "centum centum vp entry",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "stardom vds r7.30.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom opc server for windows r3.40",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r3.02.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r2.03.80",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r1.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.12.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.11.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05-sp2",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.03",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r10.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exasmoc r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exarqe r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.85.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.80.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.02.50",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaplog r3.40.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.71.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.56",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs entry r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.07",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.06",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.05",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.04",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.03",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.02",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.01",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000cs r5.05.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum vp",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5628"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5628",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05995",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "81247038-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83589",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5628",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5628",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05995",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-479",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83589",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5628",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. \nSuccessful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS 3000, etc. are all products of Japan Yokogawa (Yokogawa). Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5628",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-253-01",
"trust": 3.5
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05995",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92677348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852",
"trust": 0.8
},
{
"db": "BID",
"id": "76709",
"trust": 0.4
},
{
"db": "IVD",
"id": "81247038-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83589",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5628",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"id": "VAR-202002-0867",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
}
],
"trust": 1.3960373416666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
}
]
},
"last_update_date": "2023-12-18T12:35:45.366000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch for Yokogawa Multiple Product Stack Buffer Overflow Vulnerability (CNVD-2015-05995)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63993"
},
{
"title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-253-01"
},
{
"trust": 2.1,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-15-0003e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5626"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5627"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92677348/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5628"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"db": "VULHUB",
"id": "VHN-83589"
},
{
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "IVD",
"id": "81247038-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-83589"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-05T19:15:10.397000",
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"date": "2015-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05995"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83589"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5628"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-12T20:16:13.513000",
"db": "NVD",
"id": "CVE-2015-5628"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM Including multiple YOKOGAWA Multiple vulnerabilities in product communication functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-479"
}
],
"trust": 0.6
}
}
var-202008-0991
Vulnerability from variot
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. Provided by Yokogawa Electric Corporation CAMS for HIS Is vulnerable to several vulnerabilities: * Inappropriate authentication (CWE-287) - CVE-2020-5608 * Path traversal (CWE-22) - CVE-2020-5609The expected impact depends on each vulnerability, but it may be affected as follows. * A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608 * Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0991",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum cs 3000",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.10"
},
{
"model": "b\\/m9000cs",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.01"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.07.00"
},
{
"model": "b\\/m9000vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r8.03.01"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.01.00"
},
{
"model": "b\\/m9000vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.01"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "centum vp",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.01.00"
},
{
"model": "b/m9000cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vp r6.01.01 \u304b\u3089 r8.03.01"
},
{
"model": "b/m9000cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.04.01 \u304b\u3089 r5.05.01"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(centum cs 3000 small \u542b\u3080) r3.08.10 \u304b\u3089 r3.09.50"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(centum vp small, basic \u542b\u3080) r4.01.00 \u304b\u3089 r6.07.00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5609"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.07.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5609"
}
]
},
"cve": "CVE-2020-5609",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-007129",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-007129",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-007129",
"trust": 1.6,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2020-5609",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-164",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. Provided by Yokogawa Electric Corporation CAMS for HIS Is vulnerable to several vulnerabilities: * Inappropriate authentication (CWE-287) - CVE-2020-5608 * Path traversal (CWE-22) - CVE-2020-5609The expected impact depends on each vulnerability, but it may be affected as follows. * A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608 * Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU97997181",
"trust": 2.4
},
{
"db": "NVD",
"id": "CVE-2020-5609",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-20-224-01",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007129",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.2759",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202008-164",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"id": "VAR-202008-0991",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.2410628
},
"last_update_date": "2023-12-18T13:07:29.108000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-20-0001: CAMS for HIS\u306b\u8907\u6570\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"title": "Yokogawa CAMS for HIS Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126322"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-5609"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://jvn.jp/vu/jvnvu97997181/index.html"
},
{
"trust": 1.6,
"url": "https://web-material3.yokogawa.com/1/29820/files/ysar-20-0001-e.pdf"
},
{
"trust": 1.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-224-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5609"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5608"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5609"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu97997181"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-5608"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2759/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"date": "2020-08-05T14:15:13.187000",
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"date": "2020-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007129"
},
{
"date": "2020-08-12T13:29:34.810000",
"db": "NVD",
"id": "CVE-2020-5609"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Made by Yokogawa Electric CAMS for HIS Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007129"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-164"
}
],
"trust": 0.6
}
}
var-201407-0492
Vulnerability from variot
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA The product contains a buffer overflow vulnerability. This vulnerability JVNVU#98181377 Is different. JVNVU#98181377 http://jvn.jp/vu/JVNVU98181377/index.htmlIf a specially crafted packet is processed while the extended test function is running, the process may stop. In some cases, arbitrary code may be executed with the privileges of the user running the product. Yokogawa Corporation (YOKOGAWA) is a world-renowned leader in measurement, industrial automation control, and information systems. There are buffer overflow vulnerabilities in Yokogawa's multiple products 'BKFSim_vhfd.exe'. Since the sub_403E10\" (IDA notation) function in multiple YOKOGAWA products \"BKFSim_vhfd.exe\" service is used for logging functions, the function uses user controllable data to create logs. Using similar vsprintf and memcpy functions can cause an attacker to trigger a buffer overflow, which can crash an application or execute arbitrary code in the context of an application. Multiple Yokogawa Products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 1000 software",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000cs",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp software",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "4.03.00"
},
{
"model": "centum cs 3000 software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "2.23.00"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "b\\/m9000 vp software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "7.03.01"
},
{
"model": "centum cs 3000 entry class software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "3.09.50"
},
{
"model": "centum cs 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000 vp",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "5.03.20"
},
{
"model": "centum vp entry class software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "5.03.00"
},
{
"model": "centum vp entry class",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs 3000 entry class",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000cs software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "5.05.01"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "b/m9000 vp",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "b/m9000 vp software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r7.03.01"
},
{
"model": "b/m9000cs",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "b/m9000cs software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.05.01"
},
{
"model": "centum cs 1000",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 1000 software",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "none"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small"
},
{
"model": "centum cs 3000 entry class software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.09.50"
},
{
"model": "centum cs 3000 software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "none"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small"
},
{
"model": "centum vp entry class software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.03.20"
},
{
"model": "centum vp software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.03.20"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "72.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "exaopc",
"version": "3.71.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "exaopc",
"version": "*"
},
{
"model": "cs3000",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "centum cs 3000 entry class software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3.09.50"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.08.50"
},
{
"model": "centum cs 3000 software",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "2.23.00"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.09"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.07"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.08"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.06"
}
],
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:3.71.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000cs_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_entry_class_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.03.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_software:4.03.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.03.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.23.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_1000_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3888"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "juan vazquez",
"sources": [
{
"db": "BID",
"id": "68428"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3888",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-003164",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04231",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "aef169b2-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d758acf-463f-11e9-86c9-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71828",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3888",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-003164",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04231",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-258",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-71828",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "VULHUB",
"id": "VHN-71828"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA The product contains a buffer overflow vulnerability. This vulnerability JVNVU#98181377 Is different. JVNVU#98181377 http://jvn.jp/vu/JVNVU98181377/index.htmlIf a specially crafted packet is processed while the extended test function is running, the process may stop. In some cases, arbitrary code may be executed with the privileges of the user running the product. Yokogawa Corporation (YOKOGAWA) is a world-renowned leader in measurement, industrial automation control, and information systems. There are buffer overflow vulnerabilities in Yokogawa\u0027s multiple products \u0027BKFSim_vhfd.exe\u0027. Since the sub_403E10\\\" (IDA notation) function in multiple YOKOGAWA products \\\"BKFSim_vhfd.exe\\\" service is used for logging functions, the function uses user controllable data to create logs. Using similar vsprintf and memcpy functions can cause an attacker to trigger a buffer overflow, which can crash an application or execute arbitrary code in the context of an application. Multiple Yokogawa Products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "BID",
"id": "68428"
},
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-71828"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-71828",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71828"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3888",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-14-189-01",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2014-04231",
"trust": 1.2
},
{
"db": "PACKETSTORM",
"id": "127382",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "34009",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "108756",
"trust": 1.1
},
{
"db": "BID",
"id": "68428",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU95045914",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164",
"trust": 0.8
},
{
"db": "IVD",
"id": "AEF169B2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "E7929A0C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D758ACF-463F-11E9-86C9-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-71828",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "VULHUB",
"id": "VHN-71828"
},
{
"db": "BID",
"id": "68428"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"id": "VAR-201407-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "VULHUB",
"id": "VHN-71828"
}
],
"trust": 1.8101788266666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
}
]
},
"last_update_date": "2023-12-18T12:38:13.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71828"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "NVD",
"id": "CVE-2014-3888"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-189-01"
},
{
"trust": 1.7,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-14-0002e.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/34009"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/127382/yokogawa-cs3000-bkfsim_vhfd.exe-buffer-overflow.html"
},
{
"trust": 1.1,
"url": "http://osvdb.org/show/osvdb/108756"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3888"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95045914/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3888"
},
{
"trust": 0.6,
"url": "https://community.rapid7.com/community/metasploit/blog/2014/07/07/r7-2014-06-disclosure-yokogawa-centum-cs-3000-bkfsimvhfdexe-buffer-overflow"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "VULHUB",
"id": "VHN-71828"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"db": "VULHUB",
"id": "VHN-71828"
},
{
"db": "BID",
"id": "68428"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-11T00:00:00",
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-11T00:00:00",
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2014-07-11T00:00:00",
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"date": "2014-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"date": "2014-07-10T00:00:00",
"db": "VULHUB",
"id": "VHN-71828"
},
{
"date": "2014-07-07T00:00:00",
"db": "BID",
"id": "68428"
},
{
"date": "2014-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"date": "2014-07-10T11:06:28.880000",
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"date": "2014-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04231"
},
{
"date": "2015-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-71828"
},
{
"date": "2014-08-27T00:04:00",
"db": "BID",
"id": "68428"
},
{
"date": "2014-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003164"
},
{
"date": "2015-10-08T15:15:10.473000",
"db": "NVD",
"id": "CVE-2014-3888"
},
{
"date": "2014-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Multiple products \u0027BKFSim_vhfd.exe\u0027 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-04231"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "aef169b2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "e7929a0c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d758acf-463f-11e9-86c9-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-258"
}
],
"trust": 1.2
}
}
var-202002-0865
Vulnerability from variot
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product's communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. Successful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0865",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.10"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40.00"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "field wireless device opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.01.02"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.85.00"
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.03.04"
},
{
"model": "stardom opc server",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.40"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.04.20"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.96.10"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.02"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.72.00"
},
{
"model": "centum cs 3000 entry",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "plant resource manager",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.12.00"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.20"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.30"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "versatile data server software",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r7.30.01"
},
{
"model": "b\\/m9000cs",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r5.05.01"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01"
},
{
"model": "scada software \\",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r10.01"
},
{
"model": "exaopc \u003c=r3.72.00",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r7.03.04 )"
},
{
"model": "b/m9000cs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.05.01 )"
},
{
"model": "centum cs 1000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.08.70 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.09.50 )"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r3.09.50 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic (r5.04.20 )"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small (r5.04.20 )"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.72.00 )"
},
{
"model": "exapilot",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.96.10 )"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.40.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.85.00 )"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "/batch (r2.50.30 )"
},
{
"model": "exarqe",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "exasmoc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r4.03.20 )"
},
{
"model": "fast/tools",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r10.01 )"
},
{
"model": "fieldmate",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r1.01 and r1.02)"
},
{
"model": "prm",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.12.00 )"
},
{
"model": "prosafe-rs",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r3.02.10 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "opc server for windows (r3.40 )"
},
{
"model": "stardom",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "vds (r7.30.01 )"
},
{
"model": "for field wireless opc server",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "(r2.01.02 )"
},
{
"model": "centum centum vp entry",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "stardom vds r7.30.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "stardom opc server for windows r3.40",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r3.02.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r2.03.80",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prosafe-rs r1.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.12.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "prm r3.11.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fieldmate r1.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "field wireless device opc server r2.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05-sp2",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.05",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.03",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r9.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "fast/tools r10.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exasmoc r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exarqe r4.03.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum/batch r2.50.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.85.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.80.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.50.30",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaquantum r2.02.50",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaplog r3.40.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exapilot r3.96.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.72.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc r3.71.02",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.72.00"
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3.71.02"
},
{
"model": "centum vp entry r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.20",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.56",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs entry r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.07",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.06",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.05",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.04",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.03",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.02",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.01",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.08.70",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "b/m9000cs r5.05.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.04",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp r7.03.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum centum vp entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum vp",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "centum centum cs entry",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
},
{
"model": "centum centum cs",
"scope": "eq",
"trust": 0.2,
"vendor": "yokogawa",
"version": "3000*"
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5626"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76709"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-004852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05997",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "8128c7be-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83587",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5626",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004852",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05997",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-477",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83587",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5626",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. Provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA There are multiple vulnerabilities in the product\u0027s communication capabilities. * * Vulnerability that stops communication functions by receiving specially crafted packets (CVE-2015-5626) * * Vulnerability that could cause a process to stop by receiving a specially crafted packet (CVE-2015-5627) * * Vulnerability that allows arbitrary code to be executed by receiving specially crafted packets (CVE-2015-5628) For details, please check the information provided by the product developer.By receiving a specially crafted communication frame, the communication function and the process that has the communication function may be stopped, or arbitrary code may be executed with the authority of the system that executes the process. According to product developers, this vulnerability could be exploited if the network of the entire system is properly managed, such as the network to which the affected product is connected is blocked from other networks. It is said that it is low. Yokogawa Japan Yokogawa Electric Corporation is a leader in measurement, industrial automation control, and information systems. A stack buffer overflow vulnerability exists in multiple Yokogawa products. The attacker sends a constructed packet to exploit the vulnerability to cause network communication to become unresponsive. \nSuccessful exploits may allow an attacker to execute arbitrary code or to cause a denial-of-service condition. ** ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5626",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-15-253-01",
"trust": 3.5
},
{
"db": "CNVD",
"id": "CNVD-2015-05997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92677348",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852",
"trust": 0.8
},
{
"db": "BID",
"id": "76709",
"trust": 0.4
},
{
"db": "IVD",
"id": "8128C7BE-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83587",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5626",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"id": "VAR-202002-0865",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
}
],
"trust": 1.3960373416666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
}
]
},
"last_update_date": "2023-12-18T12:35:45.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch of Yokogawa Multiple Product Stack Buffer Overflow Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/63995"
},
{
"title": "Multiple Yokogawa Product Buffer Error Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108065"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-253-01"
},
{
"trust": 2.1,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-15-0003e.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5626"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5627"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5628"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92677348/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5626"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"db": "VULHUB",
"id": "VHN-83587"
},
{
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"db": "BID",
"id": "76709"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-83587"
},
{
"date": "2020-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-05T19:15:10.240000",
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"date": "2015-09-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05997"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-83587"
},
{
"date": "2020-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5626"
},
{
"date": "2015-09-10T00:00:00",
"db": "BID",
"id": "76709"
},
{
"date": "2015-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004852"
},
{
"date": "2020-02-12T19:29:49.680000",
"db": "NVD",
"id": "CVE-2015-5626"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa Multiple Product Stack Buffer Overflow Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "8128c7be-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-477"
}
],
"trust": 0.6
}
}