All the vulnerabilites related to yokogawa - centum_cs_3000_firmware
cve-2022-23401
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 03:43
Severity ?
EPSS score ?
Summary
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:45.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:51",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-23401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-23401",
"datePublished": "2022-03-11T09:10:51",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:43:45.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5609
Vulnerability from cvelistv5
Published
2020-08-05 13:12
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU97997181/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CAMS for HIS |
Version: CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:12:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5609",
"datePublished": "2020-08-05T13:12:59",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21808
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 02:53
Severity ?
EPSS score ?
Summary
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21808",
"datePublished": "2022-03-11T09:10:42",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T02:53:36.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5627
Vulnerability from cvelistv5
Published
2020-02-05 18:45
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:45:58",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5627",
"datePublished": "2020-02-05T18:45:58",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22729
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 03:21
Severity ?
EPSS score ?
Summary
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-302: Authentication Bypass by Assumed-Immutable Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22729",
"datePublished": "2022-03-11T09:10:50",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:21:49.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5628
Vulnerability from cvelistv5
Published
2020-02-05 18:46
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5628",
"datePublished": "2020-02-05T18:46:01",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22145
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 03:07
Severity ?
EPSS score ?
Summary
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:45",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22145",
"datePublished": "2022-03-11T09:10:45",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:48.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22148
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 03:07
Severity ?
EPSS score ?
Summary
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\u0027Root Service\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:47",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027Root Service\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22148",
"datePublished": "2022-03-11T09:10:47",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:49.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30707
Vulnerability from cvelistv5
Published
2022-06-28 10:05
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf | x_refsource_MISC | |
| https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU92819891/index.html | x_refsource_MISC | |
| https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CAMS for HIS |
Version: CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Violation of Secure Design Principles",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T10:05:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Violation of Secure Design Principles"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92819891/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30707",
"datePublished": "2022-06-28T10:05:59",
"dateReserved": "2022-06-06T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5626
Vulnerability from cvelistv5
Published
2020-02-05 18:46
Modified
2024-08-06 06:59
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | x_refsource_MISC | |
| http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa | CENTUM CS 1000 |
Version: R3.08.70 and earlier |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5626",
"datePublished": "2020-02-05T18:46:05",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-21177
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 02:31
Severity ?
EPSS score ?
Summary
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:39",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21177",
"datePublished": "2022-03-11T09:10:39",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22141
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 03:07
Severity ?
EPSS score ?
Summary
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\u0027Long-term Data Archive Package\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027Long-term Data Archive Package\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22141",
"datePublished": "2022-03-11T09:10:44",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:48.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-22151
Vulnerability from cvelistv5
Published
2022-03-11 09:10
Modified
2024-08-03 03:07
Severity ?
EPSS score ?
Summary
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CENTUM CS 3000 |
Version: versions from R3.08.10 to R3.09.00 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:48",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117: Improper Output Neutralization for Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22151",
"datePublished": "2022-03-11T09:10:48",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:48.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-5608
Vulnerability from cvelistv5
Published
2020-08-05 13:13
Modified
2024-08-04 08:30
Severity ?
EPSS score ?
Summary
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf | x_refsource_MISC | |
| https://jvn.jp/vu/JVNVU97997181/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | CAMS for HIS |
Version: CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:13:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5608",
"datePublished": "2020-08-05T13:13:02",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-16196
Vulnerability from cvelistv5
Published
2019-01-09 22:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106442 | vdb-entry, x_refsource_BID | |
| https://jvn.jp/vu/JVNVU93652047/index.html | x_refsource_MISC | |
| https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | Multiple Yokogawa products that contain Vnet/IP Open Communication Driver |
Version: (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106442"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "106442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106442"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
"version": {
"version_data": [
{
"version_value": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106442"
},
{
"name": "https://jvn.jp/vu/JVNVU93652047/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16196",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:47
Severity ?
Summary
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "CAMS for HIS Server contenido en los siguientes productos de Yokogawa Electric no autentican apropiadamente los paquetes de recepci\u00f3n. La autenticaci\u00f3n puede ser omitida por medio de algunos paquetes dise\u00f1ados: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, y Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-22729",
"lastModified": "2024-11-21T06:47:20.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.683",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-302"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 02:33
Severity ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| vultures@jpcert.or.jp | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B8CF6-8FC2-4E3A-AB76-73E987726C0E",
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0B579-F479-488F-8E62-DA698E2DA33F",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111B964C-8A95-4751-829C-A5EEB0801D0A",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CACAE33-FBCD-4C71-80F4-A0533846C41E",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA4DF1-5E0C-4E6D-9EF3-71A0CD57DB09",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C8F8A-D82A-483E-958F-C210D6B152B7",
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC20D0-9D4F-42BF-B308-03343603CC3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036843EA-6A69-411E-B0F5-FFA710E7C1AD",
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D42D7A-D6E5-445F-B82B-E891DB489BC0",
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B26B69-6D27-4123-8B98-A64F649488AF",
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567F1E51-190B-4C7E-AB51-9E78D028C4C1",
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F434B396-76F3-43A0-BD20-8D43E78279DC",
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99EEE22E-7C6E-4B0C-92CC-542BE80CEA5E",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC7E5E-37A1-43B3-9276-F37B7B8708B7",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C6FDC-2AB5-461D-AB7B-FAD56A5BFD05",
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DE5CB8-1677-40D3-B0F9-F2783F264715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A931F-E772-43FB-A771-76979044326F",
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0899439-BF70-4511-87CA-98AC62EBF40D",
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29F7E5-54B9-4738-B8E5-B0E618C907BA",
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26466967-050B-4875-B2CD-BB918E33A7DC",
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63546CAB-2A76-4974-8B11-9893B7EC01E8",
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD722C9-63AD-4A71-8916-0B27956420C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2F7A7-847B-4C3E-B128-CAC09BF828CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "849A4355-8BF5-41E8-92B6-FCF28DFA2692",
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE5D11B-6877-4390-B9F6-6610761DB902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Yokogawa CENTUM CS 1000 versiones R3.08.70 y anteriores, CENTUM CS 3000 versiones R3.09.50 y anteriores, CENTUM CS 3000 Entry versiones R3.09.50 y anteriores, CENTUM VP versiones R5.04.20 y anteriores, CENTUM VP Entry versiones R5.04.20 y anteriores, ProSafe-RS versiones R3.02.10 y anteriores, Exaopc versiones R3.72.00 y anteriores, Exaquantum versiones R2.85.00 y anteriores, Exaquantum/Batch versiones R2.50.30 y anteriores, Exapilot versiones R3.96.10 y anteriores, Exaplog versiones R3.40.00 y anteriores, Exasmoc versiones R4.03.20 y anteriores, Exarqe versiones R4.03.20 y anteriores, Field Wireless Device OPC Server versiones R2.01.02 y anteriores, PRM versiones R3.12.00 y anteriores, STARDOM VDS versiones R7.30.01 y anteriores, STARDOM OPC Server for Windows versiones R3.40 y anteriores, FAST/TOOLS versiones R10.01 y anteriores, B/M9000CS versiones R5.05.01 y anteriores, B/M9000 VP versiones R7.03.04 y anteriores, y FieldMate versiones R1.01 o R1.02, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2015-5628",
"lastModified": "2024-11-21T02:33:27.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:10.397",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 02:33
Severity ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| vultures@jpcert.or.jp | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B8CF6-8FC2-4E3A-AB76-73E987726C0E",
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0B579-F479-488F-8E62-DA698E2DA33F",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111B964C-8A95-4751-829C-A5EEB0801D0A",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CACAE33-FBCD-4C71-80F4-A0533846C41E",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA4DF1-5E0C-4E6D-9EF3-71A0CD57DB09",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C8F8A-D82A-483E-958F-C210D6B152B7",
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC20D0-9D4F-42BF-B308-03343603CC3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036843EA-6A69-411E-B0F5-FFA710E7C1AD",
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D42D7A-D6E5-445F-B82B-E891DB489BC0",
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B26B69-6D27-4123-8B98-A64F649488AF",
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567F1E51-190B-4C7E-AB51-9E78D028C4C1",
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F434B396-76F3-43A0-BD20-8D43E78279DC",
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99EEE22E-7C6E-4B0C-92CC-542BE80CEA5E",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC7E5E-37A1-43B3-9276-F37B7B8708B7",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C6FDC-2AB5-461D-AB7B-FAD56A5BFD05",
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DE5CB8-1677-40D3-B0F9-F2783F264715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A931F-E772-43FB-A771-76979044326F",
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0899439-BF70-4511-87CA-98AC62EBF40D",
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29F7E5-54B9-4738-B8E5-B0E618C907BA",
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26466967-050B-4875-B2CD-BB918E33A7DC",
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63546CAB-2A76-4974-8B11-9893B7EC01E8",
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD722C9-63AD-4A71-8916-0B27956420C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2F7A7-847B-4C3E-B128-CAC09BF828CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "849A4355-8BF5-41E8-92B6-FCF28DFA2692",
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE5D11B-6877-4390-B9F6-6610761DB902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Yokogawa CENTUM CS 1000 versiones R3.08.70 y anteriores, CENTUM CS 3000 versiones R3.09.50 y anteriores, CENTUM CS 3000 Entry versiones R3.09.50 y anteriores, CENTUM VP versiones R5.04.20 y anteriores, CENTUM VP Entry versiones R5.04.20 y anteriores, ProSafe-RS versiones R3.02.10 y anteriores, Exaopc versiones R3.72.00 y anteriores, Exaquantum versiones R2.85.00 y anteriores, Exaquantum/Batch versiones R2.50.30 y anteriores, Exapilot versiones R3.96.10 y anteriores, Exaplog versiones R3.40.00 y anteriores, Exasmoc versiones R4.03.20 y anteriores, Exarqe versiones R4.03.20 y anteriores, Field Wireless Device OPC Server versiones R2.01.02 y anteriores, PRM versiones R3.12.00 y anteriores, STARDOM VDS versiones R7.30.01 y anteriores, STARDOM OPC Server for Windows versiones R3.40 y anteriores, FAST/TOOLS versiones R10.01 y anteriores, B/M9000CS versiones R5.05.01 y anteriores, B/M9000 VP versiones R7.03.04 y anteriores, y FieldMate versiones R1.01 o R1.02, permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de comunicaciones de red) por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2015-5626",
"lastModified": "2024-11-21T02:33:26.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:10.240",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-28 13:15
Modified
2024-11-21 07:03
Severity ?
Summary
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU92819891/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf | Vendor Advisory | |
| vultures@jpcert.or.jp | https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU92819891/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F459A677-FC9F-42C6-A422-A5B8AF036935",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF69433-979D-470A-85E5-4734E5998F63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "844AD54B-ACAC-40A2-8A03-1536032DFBF3",
"versionEndIncluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3C914C-C755-42A3-BB6B-495EA1E49D24",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "97D7746F-EC59-40B6-9C4F-C214C1E597B2",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_class_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B55FD93-B02F-4A2B-8CA2-7B243BB11E31",
"versionEndIncluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1FD75F-66BF-423E-A491-E5689C7B6AEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "934616AD-FD83-4311-AA4E-6A2A06C34F08",
"versionEndIncluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EA76D9D-CBD5-44E0-8462-9E704E8799BA",
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000cs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2FE8C0-18CB-4D76-8287-743554CE7C44",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
},
{
"lang": "es",
"value": "Se presenta una violaci\u00f3n de los principios de dise\u00f1o seguro en la comunicaci\u00f3n de CAMS para HIS. Los productos y versiones afectados son: la serie CENTUM en la que est\u00e1 instalado el LHS4800 (CENTUM CS 3000 y CENTUM CS 3000 Small R3.08.10 a R3.09.00), la serie CENTUM en la que se usa la funci\u00f3n CAMS (CENTUM VP, CENTUM VP Small y CENTUM VP Basic R4.01.00 a R4.03. 00), la serie CENTUM independientemente del uso de la funci\u00f3n CAMS (CENTUM VP, CENTUM VP Small y CENTUM VP Basic R5.01.00 a R5.04.20 y R6.01.00 a R6.09.00), Exaopc R3. 72.00 a R3.80.00 (s\u00f3lo si est\u00e1 instalado el NTPF100-S6 \"Para CENTUM soporte VP CAMS para HIS\"), B/M9000 CS R5.04.01 a R5.05.01, y B/M9000 VP R6.01.01 a R8.03.01). Si un atacante adyacente logra comprometer un ordenador usando el software CAMS for HIS, puede usar las credenciales de la m\u00e1quina comprometida para acceder a los datos de otra m\u00e1quina que use el software CAMS for HIS. Esto puede conllevar a una inhabilitaci\u00f3n de las funciones del software CAMS for HIS en cualquier m\u00e1quina afectada, o la divulgaci\u00f3n/alteraci\u00f3n de informaci\u00f3n"
}
],
"id": "CVE-2022-30707",
"lastModified": "2024-11-21T07:03:13.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-28T13:15:12.497",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-05 14:15
Modified
2024-11-21 05:34
Severity ?
Summary
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | centum_cs_3000_firmware | * | |
| yokogawa | centum_cs_3000 | - | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp | - | |
| yokogawa | b\/m9000cs_firmware | * | |
| yokogawa | b\/m9000cs | - | |
| yokogawa | b\/m9000vp_firmware | * | |
| yokogawa | b\/m9000vp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB5C1D3-A410-478C-AEBC-7A85A30B39BC",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D122C-CAFD-4AA5-A45B-A51E2F024D67",
"versionEndIncluding": "r6.07.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3131E58F-D32D-4FDC-AAD1-DE7BBAC10659",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9458CCD1-1820-4395-95CD-AEAC589DA4B2",
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86DDD4A8-FE34-4446-A0C2-4E282F881068",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01 y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permiten a un atacante remoto no autenticado crear o sobrescribir archivos arbitrarios y ejecutar comandos arbitrarios por medio de vectores no especificados"
}
],
"id": "CVE-2020-5609",
"lastModified": "2024-11-21T05:34:21.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-05T14:15:13.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-09 23:29
Modified
2024-11-21 03:52
Severity ?
Summary
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.securityfocus.com/bid/106442 | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://jvn.jp/vu/JVNVU93652047/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106442 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/vu/JVNVU93652047/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | centum_cs_3000_firmware | * | |
| yokogawa | centum_cs_3000 | - | |
| yokogawa | centum_cs_3000_entry_class | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp | - | |
| yokogawa | centum_vp_entry_class | * | |
| yokogawa | b\/m9000_vp | * | |
| yokogawa | exaopc | * | |
| yokogawa | fast\/tools | * | |
| yokogawa | plant_resource_manager | * | |
| yokogawa | prosafe-rs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EBF753-16FD-40D3-8EED-D72C32883883",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.05.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B46C20CD-6CA3-4233-BBFF-66E7987C2150",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.05.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1045034-D824-4CC1-9326-EEBA3FB34AAA",
"versionEndIncluding": "r6.03.10",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0FF6A1-E352-4EC5-B34B-2C5276B970C9",
"versionEndIncluding": "r6.03.10",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8F81F5B-CDB6-4FF2-80CB-D1CA0ABF2C24",
"versionEndIncluding": "r8.01.90",
"versionStartIncluding": "r6.03.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFDEE53D-6CF1-4DAF-95DE-BE832CC2A9A0",
"versionEndIncluding": "r3.75.00",
"versionStartIncluding": "r3.10.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fast\\/tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B22E279-3BFE-4F58-A639-7761559A1365",
"versionEndIncluding": "r10.02.00",
"versionStartIncluding": "r9.02.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67C8BD51-4D87-4BDF-AF28-68B327392BEE",
"versionEndIncluding": "r3.31.00",
"versionStartIncluding": "r2.06.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:prosafe-rs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96B459FD-0656-4E3F-A669-F5D07F60949C",
"versionEndIncluding": "r4.02.00",
"versionStartIncluding": "r1.02.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
},
{
"lang": "es",
"value": "M\u00faltiples productos Yokogawa que contienen el controlador Vnet/IP Open Communication (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00) y B/M9000 VP(R6.03.01 - R8.01.90)) permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) que podr\u00eda resultar en la detenci\u00f3n de la comunicaci\u00f3n del controlador Vnet/IP Open Communication mediante vectores sin especificar."
}
],
"id": "CVE-2018-16196",
"lastModified": "2024-11-21T03:52:16.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-09T23:29:04.560",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106442"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:44
Severity ?
Summary
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de salto de ruta en CAMS para HIS Log Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-21177",
"lastModified": "2024-11-21T06:44:02.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.153",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:46
Severity ?
Summary
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric es vulnerable al consumo no controlado de recursos. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-22145",
"lastModified": "2024-11-21T06:46:15.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.517",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-05 14:15
Modified
2024-11-21 05:34
Severity ?
Summary
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| yokogawa | centum_cs_3000_firmware | * | |
| yokogawa | centum_cs_3000 | - | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp_firmware | * | |
| yokogawa | centum_vp | - | |
| yokogawa | b\/m9000cs_firmware | * | |
| yokogawa | b\/m9000cs | - | |
| yokogawa | b\/m9000vp_firmware | * | |
| yokogawa | b\/m9000vp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB5C1D3-A410-478C-AEBC-7A85A30B39BC",
"versionEndIncluding": "r3.09.50",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041D122C-CAFD-4AA5-A45B-A51E2F024D67",
"versionEndIncluding": "r6.07.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3131E58F-D32D-4FDC-AAD1-DE7BBAC10659",
"versionEndIncluding": "r5.05.01",
"versionStartIncluding": "r5.04.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9458CCD1-1820-4395-95CD-AEAC589DA4B2",
"versionEndIncluding": "r8.03.01",
"versionStartIncluding": "r6.01.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86DDD4A8-FE34-4446-A0C2-4E282F881068",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
},
{
"lang": "es",
"value": "CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01, y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permite a un atacante remoto no autenticado omitir la autenticaci\u00f3n y enviar paquetes de comunicaci\u00f3n alterados por medio de vectores no especificados"
}
],
"id": "CVE-2020-5608",
"lastModified": "2024-11-21T05:34:21.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-05T14:15:13.107",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:45
Severity ?
Summary
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de salto de ruta en CAMS for HIS Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-21808",
"lastModified": "2024-11-21T06:45:28.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.407",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:46
Severity ?
Summary
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf | Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "CAMS for HIS Log Server contenido en los siguientes productos de Yokogawa Electric no neutraliza apropiadamente las salidas de registro: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, de R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, y Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-22151",
"lastModified": "2024-11-21T06:46:15.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.627",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-117"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:48
Severity ?
Summary
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "Los siguientes productos de Yokogawa Electric contienen problemas de carga de DLL no segura. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-23401",
"lastModified": "2024-11-21T06:48:31.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.873",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-05 19:15
Modified
2024-11-21 02:33
Severity ?
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| vultures@jpcert.or.jp | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 | Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1B8CF6-8FC2-4E3A-AB76-73E987726C0E",
"versionEndIncluding": "r3.08.70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E67CC9-AE79-4CEC-8B35-C191EB32760C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B0B579-F479-488F-8E62-DA698E2DA33F",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111B964C-8A95-4751-829C-A5EEB0801D0A",
"versionEndIncluding": "r3.09.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CACAE33-FBCD-4C71-80F4-A0533846C41E",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BA4DF1-5E0C-4E6D-9EF3-71A0CD57DB09",
"versionEndIncluding": "r5.04.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1C8F8A-D82A-483E-958F-C210D6B152B7",
"versionEndIncluding": "r3.02.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16AC20D0-9D4F-42BF-B308-03343603CC3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "036843EA-6A69-411E-B0F5-FFA710E7C1AD",
"versionEndIncluding": "r3.72.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "37D42D7A-D6E5-445F-B82B-E891DB489BC0",
"versionEndIncluding": "r3.96.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93B26B69-6D27-4123-8B98-A64F649488AF",
"versionEndIncluding": "r3.40.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "567F1E51-190B-4C7E-AB51-9E78D028C4C1",
"versionEndIncluding": "r2.85.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F434B396-76F3-43A0-BD20-8D43E78279DC",
"versionEndIncluding": "r2.50.30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99EEE22E-7C6E-4B0C-92CC-542BE80CEA5E",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC7E5E-37A1-43B3-9276-F37B7B8708B7",
"versionEndIncluding": "r4.03.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5C6FDC-2AB5-461D-AB7B-FAD56A5BFD05",
"versionEndIncluding": "r2.01.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29DE5CB8-1677-40D3-B0F9-F2783F264715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A931F-E772-43FB-A771-76979044326F",
"versionEndIncluding": "r3.12.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:scada_software_\\(fast\\/tools\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0899439-BF70-4511-87CA-98AC62EBF40D",
"versionEndIncluding": "r10.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F29F7E5-54B9-4738-B8E5-B0E618C907BA",
"versionEndIncluding": "r7.30.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26466967-050B-4875-B2CD-BB918E33A7DC",
"versionEndIncluding": "r5.05.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:b\\/m9000_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63546CAB-2A76-4974-8B11-9893B7EC01E8",
"versionEndIncluding": "r7.03.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:b\\/m9000_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD722C9-63AD-4A71-8916-0B27956420C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2F7A7-847B-4C3E-B128-CAC09BF828CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "849A4355-8BF5-41E8-92B6-FCF28DFA2692",
"versionEndIncluding": "r3.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE5D11B-6877-4390-B9F6-6610761DB902",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Yokogawa CENTUM CS 1000 versiones R3.08.70 y anteriores, CENTUM CS 3000 versiones R3.09.50 y anteriores, CENTUM CS 3000 Entry versiones R3.09.50 y anteriores, CENTUM VP versiones R5.04.20 y anteriores, CENTUM VP Entry versiones R5.04.20 y anteriores, ProSafe-RS versiones R3.02.10 y anteriores, Exaopc versiones R3.72.00 y anteriores, Exaquantum versiones R2.85.00 y anteriores, Exaquantum/Batch versiones R2.50.30 y anteriores, Exapilot versiones R3.96.10 y anteriores, Exaplog versiones R3.40.00 y anteriores, Exasmoc versiones R4.03.20 y anteriores, Exarqe versiones R4.03.20 y anteriores, Field Wireless Device OPC Server versiones R2.01.02 y anteriores, PRM versiones R3.12.00 y anteriores, STARDOM VDS versiones R7.30.01 y anteriores, STARDOM OPC Server for Windows versiones R3.40 y anteriores, FAST/TOOLS versiones R10.01 y anteriores, B/M9000CS versiones R5.05.01 y anteriores, B/M9000 VP versiones R7.03.04 y anteriores, y FieldMate versiones R1.01 o R1.02, permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n del proceso) por medio de un paquete dise\u00f1ado."
}
],
"id": "CVE-2015-5627",
"lastModified": "2024-11-21T02:33:26.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T19:15:10.350",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:46
Severity ?
Summary
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\u0027Root Service\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "El servicio \"Root Service\" implementado en los siguientes productos de Yokogawa Electric crea algunas tuber\u00edas con nombre con una configuraci\u00f3n ACL incorrecta. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-22148",
"lastModified": "2024-11-21T06:46:15.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.573",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-11 09:15
Modified
2024-11-21 06:46
Severity ?
Summary
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B6EFE-A886-4409-BE19-E67C0057265B",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD66947-E8ED-45FC-8A71-14D4CB8D7368",
"versionEndIncluding": "r3.09.00",
"versionStartIncluding": "r3.08.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67BFCAD6-7540-4279-92C5-9ADAB35CD4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01914A03-6248-4183-94FE-64902B0D1DDF",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDBFA61-421D-484C-B33E-938CD58BDCEE",
"versionEndIncluding": "r4.03.00",
"versionStartIncluding": "r4.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B25462B1-4031-4FAB-8C67-CF060BE472B3",
"versionEndIncluding": "r5.04.20",
"versionStartIncluding": "r5.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27CBFAD9-1DD0-4B18-B8F6-6EB8F6396556",
"versionEndExcluding": "r6.09.00",
"versionStartIncluding": "r6.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E37ECBA-48F6-456A-AE49-83347A91208B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D5233E5-DABF-4CCE-A92F-F437DECFBCB9",
"versionEndExcluding": "r3.80.00",
"versionStartIncluding": "r3.72.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\u0027Long-term Data Archive Package\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
},
{
"lang": "es",
"value": "El servicio \"Long-term Data Archive Package\" implementado en los siguientes productos de Yokogawa Electric crea algunas tuber\u00edas con nombre con una configuraci\u00f3n inapropiada de ACL. CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTUM VP versiones desde R4.01.00 a R4.03.00, desde R5.01.00 a R5.04.20, y desde R6.01.00 a R6.08.00, Exaopc versiones desde R3.72.00 a R3.79.00"
}
],
"id": "CVE-2022-22141",
"lastModified": "2024-11-21T06:46:14.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-11T09:15:11.460",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}