All the vulnerabilites related to yokogawa - insightsuiteae
var-201912-0068
Vulnerability from variot
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Provided by Yokogawa Electric Corporation plural Windows The application has Windows Service executable file path is not quoted (CWE-428) Exists. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Is a developer and the United States ICS-CERT I made adjustments with.Windows If the executable file path of the service contains spaces and is not enclosed in quotation marks, the path containing the spaces may be used to execute an invalid file with the authority of the service. Yokogawa Exaopc, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry. InsightSuiteAE is a set of solutions for monitoring, diagnosing and optimizing plant assets. Security flaws exist in several Yokogaw products. An attacker could exploit this vulnerability to execute malicious files. The following products and versions are affected: Yokogaw Exaopc (version R1.01.00 to version R3.77.00); Exaplog (version R1.10.00 to version R3.40.00); Exaquantum (version R1.10.00 to version R3.02.00; Exaquantum/Batch ( R1.01.00 to R2.50.40); Exasmoc (all versions); Exarqe (all versions); GA10 (R1.01.01 to R3.05.01) and InsightSuiteAE (R1.01.00 to R1.06.00)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.77.00"
},
{
"model": "exasmoc",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "insightsuiteae",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01.00"
},
{
"model": "ga10",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.05.01"
},
{
"model": "exaopc",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01.00"
},
{
"model": "exaplog",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.10.00"
},
{
"model": "exaquantum\\/batch",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01.00"
},
{
"model": "exarqe",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "*"
},
{
"model": "ga10",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.01.01"
},
{
"model": "exaquantum\\/batch",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r2.50.40"
},
{
"model": "insightsuiteae",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.06.00"
},
{
"model": "exaquantum",
"scope": "gte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r1.10.00"
},
{
"model": "exaquantum",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.02.00"
},
{
"model": "exaplog",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.30.00"
},
{
"model": "exapilot",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "insightsuiteae",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exaquantum/batch",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "stardom vds",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "ia\u30b7\u30b9\u30c6\u30e0\u88fd\u54c1\u4eee\u60f3\u5316\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exaplog",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "\u30d5\u30a3\u30fc\u30eb\u30c9\u7121\u7dda\u7528opc\u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "prosafe-rs",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "prm",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exasmoc",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exarqe",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "ga10",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exaquantum",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "stardom fcn/fcj opc \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "exaopc",
"scope": null,
"trust": 0.8,
"vendor": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "NVD",
"id": "CVE-2019-6008"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.77.00",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.30.00",
"versionStartIncluding": "r1.10.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.02.00",
"versionStartIncluding": "r1.10.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r2.50.40",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.05.01",
"versionStartIncluding": "r1.01.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "r1.06.00",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6008"
}
]
},
"cve": "CVE-2019-6008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-009728",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-157443",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-009728",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6008",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2019-009728",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-007",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-157443",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157443"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Provided by Yokogawa Electric Corporation plural Windows The application has Windows Service executable file path is not quoted (CWE-428) Exists. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Is a developer and the United States ICS-CERT I made adjustments with.Windows If the executable file path of the service contains spaces and is not enclosed in quotation marks, the path containing the spaces may be used to execute an invalid file with the authority of the service. Yokogawa Exaopc, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry. InsightSuiteAE is a set of solutions for monitoring, diagnosing and optimizing plant assets. Security flaws exist in several Yokogaw products. An attacker could exploit this vulnerability to execute malicious files. The following products and versions are affected: Yokogaw Exaopc (version R1.01.00 to version R3.77.00); Exaplog (version R1.10.00 to version R3.40.00); Exaquantum (version R1.10.00 to version R3.02.00; Exaquantum/Batch ( R1.01.00 to R2.50.40); Exasmoc (all versions); Exarqe (all versions); GA10 (R1.01.01 to R3.05.01) and InsightSuiteAE (R1.01.00 to R1.06.00)",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "VULHUB",
"id": "VHN-157443"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVNVU98228725",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2019-6008",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-274-02",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-007",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3696",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-157443",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157443"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"id": "VAR-201912-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-157443"
}
],
"trust": 0.38947368000000004
},
"last_update_date": "2023-12-18T13:52:06.071000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-19-0003",
"trust": 0.8,
"url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"title": "Multiple Yokogawa Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98759"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.1
},
{
"problemtype": "Unquoted search path or element (CWE-428) [JPCERT/CC Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157443"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "NVD",
"id": "CVE-2019-6008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://jvn.jp/vu/jvnvu98228725/index.html"
},
{
"trust": 1.7,
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6008"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-02"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu98228725/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3696/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157443"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-157443"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-26T00:00:00",
"db": "VULHUB",
"id": "VHN-157443"
},
{
"date": "2019-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"date": "2019-12-26T16:15:10.967000",
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"date": "2019-10-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-157443"
},
{
"date": "2021-09-07T05:45:00",
"db": "JVNDB",
"id": "JVNDB-2019-009728"
},
{
"date": "2020-01-08T20:39:16.610000",
"db": "NVD",
"id": "CVE-2019-6008"
},
{
"date": "2021-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yokogawa products register \u00a0Windows\u00a0 A vulnerability in which the path of an executable file is not quoted in the service",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-009728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-007"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-12-26 16:15
Modified
2024-11-21 04:45
Severity ?
Summary
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "91D6B3D6-E908-4E19-AB94-5498B12ED834",
"versionEndIncluding": "r3.77.00",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6D99F269-84E5-4DC1-B17E-D3288138959F",
"versionEndIncluding": "r3.30.00",
"versionStartIncluding": "r1.10.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F2F5BE9D-2150-4EEC-B749-E2F552653293",
"versionEndIncluding": "r3.02.00",
"versionStartIncluding": "r1.10.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "95A37F00-92D1-4437-86E3-16606C700169",
"versionEndIncluding": "r2.50.40",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A0563434-02C4-45D2-B119-5586F823281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2CC76876-D26E-4DE8-8403-4676A2B41923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "859D7D36-8EAF-4368-93B0-5891DD1A14B0",
"versionEndIncluding": "r3.05.01",
"versionStartIncluding": "r1.01.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4996F8C8-E3BD-425B-AD64-14A98786A2C1",
"versionEndIncluding": "r1.06.00",
"versionStartIncluding": "r1.01.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ruta de b\u00fasqueda sin comillas en varios productos de Yokogawa para Windows (Exaopc (R1.01.00 hasta R3.77.00), Exaplog (R1.10.00 hasta R3.40.00), Exaquantum (R1.10.00 hasta R3.02.00 y R3.15.00), Exaquantum/Batch (R1.01.00 hasta R2.50.40), Exasmoc (todas las revisiones), Exarqe (todas las revisiones), GA10 (R1.01.01 hasta R3.05.01) e InsightSuiteAE (R1.01.00 hasta R1.06.00)), permite a usuarios locales alcanzar privilegios por medio de un archivo ejecutable de tipo caballo de Troya y ejecutar c\u00f3digo arbitrario con privilegios elevados."
}
],
"id": "CVE-2019-6008",
"lastModified": "2024-11-21T04:45:54.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-26T16:15:10.967",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-428"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-6008
Vulnerability from cvelistv5
Published
2019-12-26 15:16
Modified
2024-08-04 20:09
Severity ?
EPSS score ?
Summary
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ | x_refsource_MISC | |
| http://jvn.jp/vu/JVNVU98228725/index.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Yokogawa Electric Corporation | Multiple Yokogawa products for Windows |
Version: Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00) |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Yokogawa products for Windows",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:49",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Yokogawa products for Windows",
"version": {
"version_data": [
{
"version_value": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/",
"refsource": "MISC",
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"name": "http://jvn.jp/vu/JVNVU98228725/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6008",
"datePublished": "2019-12-26T15:16:49",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:24.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}