Search criteria
30 vulnerabilities by Yokogawa Electric Corporation
CVE-2025-1863 (GCVE-0-2025-1863)
Vulnerability from cvelistv5 – Published: 2025-04-18 05:55 – Updated: 2025-04-18 12:00
VLAI?
Summary
Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
Severity ?
9.8 (Critical)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | GX10 / GX20 / GP10 / GP20 Paperless Recorders |
Affected:
R5.04.01 or earlier
(custom)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T11:39:17.017969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:00:37.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GX10 / GX20 / GP10 / GP20 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R5.04.01 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "GM Data Acquisition System",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R5.05.01 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DX1000 / DX2000 / DX1000N Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R4.21 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "FX1000 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R1.31 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "\u03bcR10000 / \u03bcR20000 Chart Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "R1.51 or earlier",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "MW100 Data Acquisition Units",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "DX1000T / DX2000T Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CX1000 / CX2000 Paperless Recorders",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "All versions",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\u003cbr\u003e\u003cp\u003eThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.\u003c/p\u003e"
}
],
"value": "Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.\nThis issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; \u03bcR10000 / \u03bcR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T05:55:26.303Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/36974/files/YSAR-25-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure default settings for recorder products",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2025-1863",
"datePublished": "2025-04-18T05:55:26.303Z",
"dateReserved": "2025-03-03T05:46:48.396Z",
"dateUpdated": "2025-04-18T12:00:37.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8110 (GCVE-0-2024-8110)
Vulnerability from cvelistv5 – Published: 2024-09-17 02:04 – Updated: 2024-09-17 15:04
VLAI?
Summary
Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.
If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.
If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable.
Severity ?
7.5 (High)
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | Dual-redundant Platform for Computer (PC2CKM) |
Affected:
R1.01.00 , ≤ R2.03.00
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yokogawa:dual-redundant_platform_for_computer_\\(pc2ckm\\):*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "dual-redundant_platform_for_computer_\\(pc2ckm\\)",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "r2.03.00",
"status": "affected",
"version": "r1.01.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T14:57:26.649250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:04:05.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dual-redundant Platform for Computer (PC2CKM)",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R2.03.00",
"status": "affected",
"version": "R1.01.00",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.\u003cbr\u003eIf a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.\u003cbr\u003eIf both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable."
}
],
"value": "Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer.\nIf a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart.\nIf both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T02:04:53.739Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/36276/files/YSAR-24-0003-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2024-8110",
"datePublished": "2024-09-17T02:04:53.739Z",
"dateReserved": "2024-08-23T01:00:38.184Z",
"dateUpdated": "2024-09-17T15:04:05.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4106 (GCVE-0-2024-4106)
Vulnerability from cvelistv5 – Published: 2024-06-26 05:30 – Updated: 2024-08-01 20:33
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server R1.01.00 to R1.03.00
Severity ?
5.3 (Medium)
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:yokogawa_electric_corporation:fast_tools:r901:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fast_tools",
"vendor": "yokogawa_electric_corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "r901",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yokogawa_electric_corporation:ci_server:r1.01.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ci_server",
"vendor": "yokogawa_electric_corporation",
"versions": [
{
"lessThanOrEqual": "R1.03.00",
"status": "affected",
"version": "r1.01.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T13:07:16.655100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T13:16:08.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CI Server",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R1.03.00",
"status": "affected",
"version": "R1.01.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\u003cbr\u003eCI Server R1.01.00 to R1.03.00"
}
],
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T05:30:33.928Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2024-4106",
"datePublished": "2024-06-26T05:30:33.928Z",
"dateReserved": "2024-04-23T23:06:05.616Z",
"dateUpdated": "2024-08-01T20:33:52.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4105 (GCVE-0-2024-4105)
Vulnerability from cvelistv5 – Published: 2024-06-26 05:25 – Updated: 2024-08-01 20:33
VLAI?
Summary
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.
The affected products and versions are as follows:
FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CI Server R1.01.00 to R1.03.00
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | FAST/TOOLS |
Affected:
R9.01 , ≤ R10.04
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T17:29:58.387431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T17:30:23.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "FAST/TOOLS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R10.04",
"status": "affected",
"version": "R9.01",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CI Server",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R1.03.00",
"status": "affected",
"version": "R1.01.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\u003cbr\u003eCI Server R1.01.00 to R1.03.00"
}
],
"value": "A vulnerability has been found in FAST/TOOLS and CI Server. The affected product\u0027s WEB HMI server\u0027s function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product URL containing a malicious request, the malicious script may be executed on the client PC.\nThe affected products and versions are as follows:\nFAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04\nCI Server R1.01.00 to R1.03.00"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T05:25:04.524Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2024-4105",
"datePublished": "2024-06-26T05:25:04.524Z",
"dateReserved": "2024-04-23T23:06:00.203Z",
"dateUpdated": "2024-08-01T20:33:52.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5650 (GCVE-0-2024-5650)
Vulnerability from cvelistv5 – Published: 2024-06-17 06:21 – Updated: 2024-08-01 21:18
VLAI?
Summary
DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account.
The affected products and versions are as follows:
CENTUM CS 3000 R3.08.10 to R3.09.50
CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.
Severity ?
8.5 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
R3.08.10 , ≤ R3.09.50
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:yokogawa:centum_cs_3000:r3.08.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "centum_cs_3000",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "r3.09.50",
"status": "affected",
"version": "r3.08.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yokogawa:centum_vp:r4.01.00:*:*:*:-:*:*:*"
],
"defaultStatus": "unknown",
"product": "centum_vp",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "f4.03.00",
"status": "affected",
"version": "r4.01.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yokogawa:centum_vp:r6.01.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "centum_vp",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "r5.04.20",
"status": "affected",
"version": "r5.01.00",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:yokogawa:centum_vp:r6.01.00:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "centum_vp",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "r6.11.10",
"status": "affected",
"version": "r6.01.00",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T13:51:30.100377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T13:51:32.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/36044/files/YSAR-24-0002-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R3.09.50",
"status": "affected",
"version": "R3.08.10",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"lessThanOrEqual": "R4.03.00",
"status": "affected",
"version": "R4.01.00",
"versionType": "custom"
},
{
"lessThanOrEqual": "R5.04.20",
"status": "affected",
"version": "R5.01.00",
"versionType": "custom"
},
{
"lessThanOrEqual": "R6.11.10",
"status": "affected",
"version": "R6.01.00",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-17T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account.\u003cbr\u003e\u003cbr\u003eThe affected products and versions are as follows:\u003cbr\u003eCENTUM CS 3000 R3.08.10 to R3.09.50\u003cbr\u003eCENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10."
}
],
"value": "DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account.\n\nThe affected products and versions are as follows:\nCENTUM CS 3000 R3.08.10 to R3.09.50\nCENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T06:21:31.387Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://web-material3.yokogawa.com/1/36044/files/YSAR-24-0002-E.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2024-5650",
"datePublished": "2024-06-17T06:21:31.387Z",
"dateReserved": "2024-06-05T05:32:13.103Z",
"dateUpdated": "2024-08-01T21:18:06.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5915 (GCVE-0-2023-5915)
Vulnerability from cvelistv5 – Published: 2023-12-01 06:12 – Updated: 2024-08-02 08:14
VLAI?
Summary
A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition.
The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | STARDOM |
Affected:
STARDOM FCN/FCJ R1.01 to R4.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95177889/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "STARDOM",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "STARDOM FCN/FCJ R1.01 to R4.31"
}
]
}
],
"datePublic": "2023-12-01T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation.\u0026nbsp;This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller\u2019s operation is not stopped by the condition.\u003cbr\u003e\u003cbr\u003eThe affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.\u003cbr\u003e"
}
],
"value": "A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation.\u00a0This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller\u2019s operation is not stopped by the condition.\n\nThe affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-01T06:14:45.335Z",
"orgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"shortName": "YokogawaGroup"
},
"references": [
{
"url": "https://web-material3.yokogawa.com/1/35463/files/YSAR-23-0003-E.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-02"
},
{
"url": "https://jvn.jp/vu/JVNVU95177889/index.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7168b535-132a-4efe-a076-338f829b2eb9",
"assignerShortName": "YokogawaGroup",
"cveId": "CVE-2023-5915",
"datePublished": "2023-12-01T06:12:03.581Z",
"dateReserved": "2023-11-02T04:37:11.569Z",
"dateUpdated": "2024-08-02T08:14:24.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26593 (GCVE-0-2023-26593)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-10 18:54
VLAI?
Summary
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later
Severity ?
7.8 (High)
CWE
- Cleartext storage of sensitive information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM series |
Affected:
CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU98775218/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-26593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-10T18:54:43.712593Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T18:54:49.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CENTUM series",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext storage of sensitive information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98775218/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-26593",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-10T18:54:49.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-33939 (GCVE-0-2022-33939)
Vulnerability from cvelistv5 – Published: 2022-08-16 07:00 – Updated: 2024-08-03 08:16
VLAI?
Summary
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.
Severity ?
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM VP / CS 3000 controller FCS |
Affected:
CP31, CP33, CP345, CP401, CP451
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:15.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU94343729/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM VP / CS 3000 controller FCS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CP31, CP33, CP345, CP401, CP451"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T07:00:46",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU94343729/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-33939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM VP / CS 3000 controller FCS",
"version": {
"version_data": [
{
"version_value": "CP31, CP33, CP345, CP401, CP451"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/33029/files/YSAR-22-0008-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/33029/files/YSAR-22-0008-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU94343729/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU94343729/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-33939",
"datePublished": "2022-08-16T07:00:46",
"dateReserved": "2022-07-08T00:00:00",
"dateUpdated": "2024-08-03T08:16:15.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32284 (GCVE-0-2022-32284)
Vulnerability from cvelistv5 – Published: 2022-07-04 01:50 – Updated: 2024-08-03 07:39
VLAI?
Summary
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.
Severity ?
No CVSS data available.
CWE
- Use of Insufficiently Random Values
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | Communication Module for Wide Area Communication Router (for AW810D) VI461 |
Affected:
Vnet/IP firmware (F) R12 or earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:51.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32825/files/YSAR-22-0005-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/32825/files/YSAR-22-0005-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95343906/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Communication Module for Wide Area Communication Router (for AW810D) VI461",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Vnet/IP firmware (F) R12 or earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-04T01:50:38",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/32825/files/YSAR-22-0005-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/32825/files/YSAR-22-0005-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95343906/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-32284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Communication Module for Wide Area Communication Router (for AW810D) VI461",
"version": {
"version_data": [
{
"version_value": "Vnet/IP firmware (F) R12 or earlier"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32825/files/YSAR-22-0005-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/32825/files/YSAR-22-0005-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/32825/files/YSAR-22-0005-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/32825/files/YSAR-22-0005-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95343906/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95343906/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-32284",
"datePublished": "2022-07-04T01:50:38",
"dateReserved": "2022-06-23T00:00:00",
"dateUpdated": "2024-08-03T07:39:51.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30997 (GCVE-0-2022-30997)
Vulnerability from cvelistv5 – Published: 2022-06-28 10:06 – Updated: 2024-08-03 07:03
VLAI?
Summary
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
Severity ?
6.3 (Medium)
CWE
- Use of Hard-coded Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | STARDOM Controller |
Affected:
STARDOM FCN Controller and FCJ Controller R4.10 to R4.31
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:yokogawa:stardom_fcj_firmware:r4.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stardom_fcj_firmware",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "r4.31",
"status": "affected",
"version": "r4.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:yokogawa:stardom_fcn_firmware:r4.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "stardom_fcn_firmware",
"vendor": "yokogawa",
"versions": [
{
"lessThanOrEqual": "r4.31",
"status": "affected",
"version": "r4.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-30997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T19:56:59.327177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T20:01:46.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controller",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T10:06:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controller",
"version": {
"version_data": [
{
"version_value": "STARDOM FCN Controller and FCJ Controller R4.10 to R4.31"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95452299/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30997",
"datePublished": "2022-06-28T10:06:01",
"dateReserved": "2022-05-31T00:00:00",
"dateUpdated": "2024-08-03T07:03:40.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30707 (GCVE-0-2022-30707)
Vulnerability from cvelistv5 – Published: 2022-06-28 10:05 – Updated: 2024-08-03 06:56
VLAI?
Summary
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.
Severity ?
No CVSS data available.
CWE
- Violation of Secure Design Principles
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CAMS for HIS |
Affected:
CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Violation of Secure Design Principles",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T10:05:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-30707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 \u0027For CENTUM VP Support CAMS for HIS\u0027 is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Violation of Secure Design Principles"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/32780/files/YSAR-22-0006-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/32780/files/YSAR-22-0006-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU92819891/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU92819891/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-30707",
"datePublished": "2022-06-28T10:05:59",
"dateReserved": "2022-06-06T00:00:00",
"dateUpdated": "2024-08-03T06:56:13.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29519 (GCVE-0-2022-29519)
Vulnerability from cvelistv5 – Published: 2022-06-28 10:05 – Updated: 2024-08-03 06:26
VLAI?
Summary
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
Severity ?
No CVSS data available.
CWE
- Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | STARDOM Controller |
Affected:
STARDOM FCN Controller and FCJ Controller R1.01 to R4.31
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:26:05.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controller",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T10:05:31",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-29519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controller",
"version": {
"version_data": [
{
"version_value": "STARDOM FCN Controller and FCJ Controller R1.01 to R4.31"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/32885/files/YSAR-22-0007-E.pdf"
},
{
"name": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/19/32885/files/YSAR-22-0007-J.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU95452299/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU95452299/index.html"
},
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-174-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-29519",
"datePublished": "2022-06-28T10:05:31",
"dateReserved": "2022-05-31T00:00:00",
"dateUpdated": "2024-08-03T06:26:05.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27188 (GCVE-0-2022-27188)
Vulnerability from cvelistv5 – Published: 2022-04-15 01:45 – Updated: 2024-08-03 05:25
VLAI?
Summary
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.
Severity ?
No CVSS data available.
CWE
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM VP series with VP6E5150(Graphic Builder) installed and B/M9000 VP |
Affected:
CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:31.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99204686/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM VP series with VP6E5150(Graphic Builder) installed and B/M9000 VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T01:45:23",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99204686/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-27188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM VP series with VP6E5150(Graphic Builder) installed and B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/",
"refsource": "MISC",
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"name": "https://jvn.jp/vu/JVNVU99204686/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99204686/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-27188",
"datePublished": "2022-04-15T01:45:23",
"dateReserved": "2022-04-01T00:00:00",
"dateUpdated": "2024-08-03T05:25:31.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26034 (GCVE-0-2022-26034)
Vulnerability from cvelistv5 – Published: 2022-04-15 01:45 – Updated: 2024-08-03 04:56
VLAI?
Summary
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.
Severity ?
No CVSS data available.
CWE
- Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM VP series with VP6E5000(AD Suite Engineering ServerFunction) installed and B/M9000 VP |
Affected:
CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:37.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99204686/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM VP series with VP6E5000(AD Suite Engineering ServerFunction) installed and B/M9000 VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-15T01:45:21",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU99204686/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-26034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM VP series with VP6E5000(AD Suite Engineering ServerFunction) installed and B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/",
"refsource": "MISC",
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"name": "https://jvn.jp/vu/JVNVU99204686/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU99204686/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-26034",
"datePublished": "2022-04-15T01:45:21",
"dateReserved": "2022-04-01T00:00:00",
"dateUpdated": "2024-08-03T04:56:37.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23402 (GCVE-0-2022-23402)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:43
VLAI?
Summary
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
Severity ?
No CVSS data available.
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM VP |
Affected:
versions from R5.01.00 to R5.04.20
Affected: versions from R6.01.00 to R6.08.00 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:45.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:53",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-23402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-23402",
"datePublished": "2022-03-11T09:10:53",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:43:45.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23401 (GCVE-0-2022-23401)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:43
VLAI?
Summary
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:43:45.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427: Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:51",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-23401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-427: Uncontrolled Search Path Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-23401",
"datePublished": "2022-03-11T09:10:51",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:43:45.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22729 (GCVE-0-2022-22729)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:21
VLAI?
Summary
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-302 - Authentication Bypass by Assumed-Immutable Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302: Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:50",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-302: Authentication Bypass by Assumed-Immutable Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22729",
"datePublished": "2022-03-11T09:10:50",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:21:49.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22151 (GCVE-0-2022-22151)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:07
VLAI?
Summary
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117: Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:48",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117: Improper Output Neutralization for Logs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22151",
"datePublished": "2022-03-11T09:10:48",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:48.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22148 (GCVE-0-2022-22148)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:07
VLAI?
Summary
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:49.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\u0027Root Service\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:47",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027Root Service\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22148",
"datePublished": "2022-03-11T09:10:47",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:49.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22145 (GCVE-0-2022-22145)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:07
VLAI?
Summary
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:45",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22145",
"datePublished": "2022-03-11T09:10:45",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:48.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22141 (GCVE-0-2022-22141)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 03:07
VLAI?
Summary
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:07:48.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "\u0027Long-term Data Archive Package\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:43",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-22141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\u0027Long-term Data Archive Package\u0027 service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732: Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-22141",
"datePublished": "2022-03-11T09:10:44",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T03:07:48.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21808 (GCVE-0-2022-21808)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 02:53
VLAI?
Summary
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:42",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21808",
"datePublished": "2022-03-11T09:10:42",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T02:53:36.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21194 (GCVE-0-2022-21194)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 02:31
VLAI?
Summary
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM VP |
Affected:
versions from R5.01.00 to R5.04.20
Affected: versions from R6.01.00 to R6.08.00 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:41",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21194",
"datePublished": "2022-03-11T09:10:41",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21177 (GCVE-0-2022-21177)
Vulnerability from cvelistv5 – Published: 2022-03-11 09:10 – Updated: 2024-08-03 02:31
VLAI?
Summary
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
Severity ?
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa Electric Corporation | CENTUM CS 3000 |
Affected:
versions from R3.08.10 to R3.09.00
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:31:59.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.08.10 to R3.09.00"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R4.01.00 to R4.03.00"
},
{
"status": "affected",
"version": "versions from R5.01.00 to R5.04.20"
},
{
"status": "affected",
"version": "versions from R6.01.00 to R6.08.00"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions from R3.72.00 to R3.79.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T09:10:39",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-21177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "versions from R3.08.10 to R3.09.00"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "versions from R4.01.00 to R4.03.00"
},
{
"version_value": "versions from R5.01.00 to R5.04.20"
},
{
"version_value": "versions from R6.01.00 to R6.08.00"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "versions from R3.72.00 to R3.79.00"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-21177",
"datePublished": "2022-03-11T09:10:39",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-03T02:31:59.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5608 (GCVE-0-2020-5608)
Vulnerability from cvelistv5 – Published: 2020-08-05 13:13 – Updated: 2024-08-04 08:30
VLAI?
Summary
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CAMS for HIS |
Affected:
CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:13:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5608",
"datePublished": "2020-08-05T13:13:02",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5609 (GCVE-0-2020-5609)
Vulnerability from cvelistv5 – Published: 2020-08-05 13:12 – Updated: 2024-08-04 08:30
VLAI?
Summary
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | CAMS for HIS |
Affected:
CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CAMS for HIS",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T13:12:59",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAMS for HIS",
"version": {
"version_data": [
{
"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
},
{
"name": "https://jvn.jp/vu/JVNVU97997181/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU97997181/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5609",
"datePublished": "2020-08-05T13:12:59",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6008 (GCVE-0-2019-6008)
Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
VLAI?
Summary
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Severity ?
No CVSS data available.
CWE
- Unquoted Search Path or Element
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | Multiple Yokogawa products for Windows |
Affected:
Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:24.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Yokogawa products for Windows",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unquoted Search Path or Element",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-26T15:16:49",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-6008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Yokogawa products for Windows",
"version": {
"version_data": [
{
"version_value": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unquoted Search Path or Element"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/",
"refsource": "MISC",
"url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"
},
{
"name": "http://jvn.jp/vu/JVNVU98228725/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/vu/JVNVU98228725/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-6008",
"datePublished": "2019-12-26T15:16:49",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:24.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5909 (GCVE-0-2019-5909)
Vulnerability from cvelistv5 – Published: 2019-02-13 18:00 – Updated: 2024-08-04 20:09
VLAI?
Summary
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass by Assumed-Immutable Data
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | License Manager Service of YOKOGAWA products |
Affected:
(CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03))
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf"
},
{
"name": "106772",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106772"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://jvn.jp/vu/JVNVU99147082/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "License Manager Service of YOKOGAWA products",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03))"
}
]
}
],
"datePublic": "2019-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-14T10:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf"
},
{
"name": "106772",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106772"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://jvn.jp/vu/JVNVU99147082/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "License Manager Service of YOKOGAWA products",
"version": {
"version_data": [
{
"version_value": "(CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03))"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass by Assumed-Immutable Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf"
},
{
"name": "106772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106772"
},
{
"name": "http://jvn.jp/vu/JVNVU99147082/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/vu/JVNVU99147082/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2019-5909",
"datePublished": "2019-02-13T18:00:00",
"dateReserved": "2019-01-10T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16196 (GCVE-0-2018-16196)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
VLAI?
Summary
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | Multiple Yokogawa products that contain Vnet/IP Open Communication Driver |
Affected:
(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106442",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106442"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "106442",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106442"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
"version": {
"version_data": [
{
"version_value": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106442"
},
{
"name": "https://jvn.jp/vu/JVNVU93652047/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU93652047/index.html"
},
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16196",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0651 (GCVE-0-2018-0651)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 03:35
VLAI?
Summary
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Yokogawa Electric Corporation | The license management function of YOKOGAWA products |
Affected:
(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
},
{
"name": "105124",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU93845358/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The license management function of YOKOGAWA products",
"vendor": "Yokogawa Electric Corporation",
"versions": [
{
"status": "affected",
"version": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-10T10:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
},
{
"name": "105124",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/vu/JVNVU93845358/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The license management function of YOKOGAWA products",
"version": {
"version_data": [
{
"version_value": "(iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier)"
}
]
}
}
]
},
"vendor_name": "Yokogawa Electric Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf",
"refsource": "MISC",
"url": "https://web-material3.yokogawa.com/YSAR-18-0006-E.pdf"
},
{
"name": "105124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105124"
},
{
"name": "https://jvn.jp/vu/JVNVU93845358/",
"refsource": "MISC",
"url": "https://jvn.jp/vu/JVNVU93845358/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0651",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:49.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}