var-201804-1571
Vulnerability from variot
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H). Provided by Yokogawa Electric Corporation CENTUM When Exaopc Lacks access restrictions (CWE-264) Vulnerability exists.An attacker who can log in to the product could be able to forge the alarm and obstruct the alarm display. CENTUM CS 3000, CENTUM VP, etc. are Yokogawa's motor products and are Windows-based control systems. These products can be used in a variety of industries including key manufacturing, energy, food and agriculture. Yokogawa CENTUM and Exaopc have privilege escalation vulnerabilities that can be exploited by local attackers to generate erroneous system or process alerts or to prevent system or process alert displays. Yokogawa CENTUM and Exaopc are prone to local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system is mainly used in multi-field factories. An elevation of privilege vulnerability exists in several Yokogawa products. A local attacker could exploit this vulnerability to use the system's message management functionality
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1571",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "b\\/m9000 cs",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000 vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r8.01.01"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.75.00"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r6.03.10"
},
{
"model": "b/m9000 vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r8.01.01"
},
{
"model": "b/m9000cs",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 1000",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.09.50"
},
{
"model": "centum cs 3000",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small r3.09.50"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "basic r6.03.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r6.03.10"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "small r6.03.10"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.75.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "centum vp",
"version": "*"
},
{
"model": "centum series",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "1000"
},
{
"model": "centum cs \u003c=r3.09.50",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs small \u003c=r3.09.50",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum vp \u003c=r6.03.10",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp small \u003c=r6.03.10",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp basic \u003c=r6.03.10",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc \u003c=r3.75.00",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 cs",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 vp \u003c=r8.01.01",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "b\\/m9000 vp",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r8.01.01"
},
{
"model": "centum cs 1000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": null
},
{
"model": "exaopc",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.75.00"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r6.03.10"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "centum cs 3000",
"version": "*"
},
{
"model": "exaopc r3.75.00",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp small r6.03.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp basic r6.03.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum vp r6.03.10",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "centum cs small r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "3000"
},
{
"model": "centum cs",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "10000"
},
{
"model": "b/m9000 vp r8.01.01",
"scope": null,
"trust": 0.3,
"vendor": "yokogawa",
"version": null
},
{
"model": "b/m9000 cs",
"scope": "eq",
"trust": 0.3,
"vendor": "yokogawa",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "b m9000 cs",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "b m9000 vp",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "exaopc",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "BID",
"id": "103973"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_cs:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r8.01.01",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:small:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.09.50",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:basic:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.03.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r3.75.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.03.10",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:small:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r6.03.10",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8838"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "103973"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "JPCERT/CC",
"availabilityImpact": "Complete",
"baseScore": 5.7,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-002523",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "CNVD-2018-07299",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 1.9,
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:P/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-138870",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.0,
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-002523",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8838",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-002523",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-07299",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-778",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138870",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "VULHUB",
"id": "VHN-138870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H). Provided by Yokogawa Electric Corporation CENTUM When Exaopc Lacks access restrictions (\u003ca href=\"https://cwe.mitre.org/data/definitions/264.html\"target=\"blank\"\u003eCWE-264\u003c/a\u003e) Vulnerability exists.An attacker who can log in to the product could be able to forge the alarm and obstruct the alarm display. CENTUM CS 3000, CENTUM VP, etc. are Yokogawa\u0027s motor products and are Windows-based control systems. These products can be used in a variety of industries including key manufacturing, energy, food and agriculture. Yokogawa CENTUM and Exaopc have privilege escalation vulnerabilities that can be exploited by local attackers to generate erroneous system or process alerts or to prevent system or process alert displays. Yokogawa CENTUM and Exaopc are prone to local security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system is mainly used in multi-field factories. An elevation of privilege vulnerability exists in several Yokogawa products. A local attacker could exploit this vulnerability to use the system\u0027s message management functionality",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "BID",
"id": "103973"
},
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138870"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8838",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-102-01",
"trust": 3.4
},
{
"db": "CNVD",
"id": "CNVD-2018-07299",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU98102375",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523",
"trust": 0.8
},
{
"db": "BID",
"id": "103973",
"trust": 0.4
},
{
"db": "IVD",
"id": "E2EB40D1-39AB-11E9-9C26-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98979",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-138870",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "VULHUB",
"id": "VHN-138870"
},
{
"db": "BID",
"id": "103973"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"id": "VAR-201804-1571",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "VULHUB",
"id": "VHN-138870"
}
],
"trust": 1.5638549350000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
}
]
},
"last_update_date": "2023-12-18T12:50:46.794000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-18-0001: CENTUM \u3068 Exaopc \u306b\u30a2\u30e9\u30fc\u30e0\u306e\u507d\u9020\u3068\u59a8\u5bb3\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://web-material3.yokogawa.com/ysar-18-0001-j.jp.pdf"
},
{
"title": "Patch for Yokogawa CENTUM and Exaopc Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/125853"
},
{
"title": "Multiple Yokogawa Product Privilege License and Access Control Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80152"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "NVD",
"id": "CVE-2018-8838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-102-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8838"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu98102375"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8838"
},
{
"trust": 0.3,
"url": "http://www.yokogawa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "VULHUB",
"id": "VHN-138870"
},
{
"db": "BID",
"id": "103973"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"db": "VULHUB",
"id": "VHN-138870"
},
{
"db": "BID",
"id": "103973"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-10T00:00:00",
"db": "IVD",
"id": "e2eb40d1-39ab-11e9-9c26-000c29342cb1"
},
{
"date": "2018-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"date": "2018-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-138870"
},
{
"date": "2018-04-12T00:00:00",
"db": "BID",
"id": "103973"
},
{
"date": "2018-04-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"date": "2018-04-17T21:29:00.343000",
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07299"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138870"
},
{
"date": "2018-04-12T00:00:00",
"db": "BID",
"id": "103973"
},
{
"date": "2018-08-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002523"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-8838"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "103973"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM When Exaopc Vulnerable to inadequate access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002523"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-778"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.