Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-122,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000 | r3.08.50 |
| yokogawa | centum_cs_3000 | * |
| yokogawa | centum_cs_3000 | r3.07 |
| yokogawa | centum_cs_3000 | r3.09 |
| yokogawa | centum_cs_3000 | r3.06 |
| yokogawa | centum_cs_3000 | r3.08.70 |
| yokogawa | centum_cs_3000 | r3.01 |
| yokogawa | centum_cs_3000 | r3.02 |
| yokogawa | centum_cs_3000 | r3.03 |
| yokogawa | centum_cs_3000 | r3.05 |
| yokogawa | centum_cs_3000 | r3.08 |
| yokogawa | centum_cs_3000 | r3.04 |
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-121,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_1000 | - |
| yokogawa | centum_vp_software | * |
| yokogawa | centum_cs_3000 | - |
| yokogawa | centum_vp | - |
| yokogawa | centum_vp_entry_class_software | * |
| yokogawa | b/m9000_vp_software | * |
| yokogawa | exaopc | * |
| yokogawa | centum_cs_3000_entry_class_software | * |
| yokogawa | b/m9000cs_software | * |
| yokogawa | centum_cs_3000_software | * |
| yokogawa | centum_vp_entry_class | - |
| yokogawa | b/m9000_vp | - |
| yokogawa | centum_cs_3000_entry_class | - |
| yokogawa | centum_cs_1000_software | - |
| yokogawa | b/m9000cs | - |
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-121,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000 | r3.08.50 |
| yokogawa | centum_cs_3000 | * |
| yokogawa | centum_cs_3000 | r3.07 |
| yokogawa | centum_cs_3000 | r3.09 |
| yokogawa | centum_cs_3000 | r3.06 |
| yokogawa | centum_cs_3000 | r3.08.70 |
| yokogawa | centum_cs_3000 | r3.01 |
| yokogawa | centum_cs_3000 | r3.02 |
| yokogawa | centum_cs_3000 | r3.03 |
| yokogawa | centum_cs_3000 | r3.05 |
| yokogawa | centum_cs_3000 | r3.08 |
| yokogawa | centum_cs_3000 | r3.04 |
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-121,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000 | r3.08.50 |
| yokogawa | centum_cs_3000 | * |
| yokogawa | centum_cs_3000 | r3.07 |
| yokogawa | centum_cs_3000 | r3.09 |
| yokogawa | centum_cs_3000 | r3.06 |
| yokogawa | centum_cs_3000 | r3.08.70 |
| yokogawa | centum_cs_3000 | r3.01 |
| yokogawa | centum_cs_3000 | r3.02 |
| yokogawa | centum_cs_3000 | r3.03 |
| yokogawa | centum_cs_3000 | r3.05 |
| yokogawa | centum_cs_3000 | r3.08 |
| yokogawa | centum_cs_3000 | r3.04 |
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_1000 | - |
| yokogawa | centum_vp_software | * |
| yokogawa | centum_cs_3000 | - |
| yokogawa | centum_vp | - |
| yokogawa | centum_vp_entry_class_software | * |
| yokogawa | centum_vp_software | 4.03.00 |
| yokogawa | b/m9000_vp_software | * |
| yokogawa | exaopc | 3.71.02 |
| yokogawa | exaopc | * |
| yokogawa | centum_cs_3000_entry_class_software | * |
| yokogawa | b/m9000cs_software | * |
| yokogawa | centum_cs_3000_software | * |
| yokogawa | centum_vp_entry_class | - |
| yokogawa | b/m9000_vp | - |
| yokogawa | centum_cs_3000_entry_class | - |
| yokogawa | centum_cs_1000_software | - |
| yokogawa | b/m9000cs | - |
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp | r5.02.00 |
| yokogawa | centum_cs_3000 | r3.08.50 |
| yokogawa | centum_vp | r5.01.20 |
| yokogawa | centum_vp | r5.03.00 |
| yokogawa | centum_cs_3000 | r3.07 |
| yokogawa | exaopc | * |
| yokogawa | centum_cs_3000 | r3.09 |
| yokogawa | centum_vp | r5.01.00 |
| yokogawa | centum_cs_3000 | r3.06 |
| yokogawa | centum_cs_3000 | r3.08.70 |
| yokogawa | centum_vp | * |
| yokogawa | centum_cs_3000 | r3.01 |
| yokogawa | centum_cs_3000 | r3.02 |
| yokogawa | centum_cs_3000 | r3.03 |
| yokogawa | centum_cs_3000 | r3.05 |
| yokogawa | centum_cs_3000 | r3.08 |
| yokogawa | centum_cs_3000 | r3.04 |
| yokogawa | centum_cs_3000 | r3.09.50 |
XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | r9.05 |
| yokogawa | fast/tools | r9.01 |
| yokogawa | fast/tools | r9.03 |
| yokogawa | fast/tools | r9.02 |
| yokogawa | fast/tools | r9.04 |
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | exarqe | * |
| yokogawa | field_wireless_device_opc_server | * |
| yokogawa | stardom_opc_server | * |
| yokogawa | exaquantum | * |
| yokogawa | exapilot | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | exaquantum/batch | * |
| yokogawa | prosafe-rs_firmware | * |
| yokogawa | exaopc | * |
| yokogawa | b/m9000_vp_firmware | * |
| yokogawa | scada_software_(fast/tools) | * |
| yokogawa | exaplog | * |
| yokogawa | exasmoc | * |
| yokogawa | versatile_data_server_software | * |
| yokogawa | b/m9000cs_firmware | * |
| yokogawa | fieldmate | r1.01 |
| yokogawa | centum_cs_1000_firmware | * |
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | plant_resource_manager | * |
| yokogawa | fieldmate | r1.02 |
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | exarqe | * |
| yokogawa | field_wireless_device_opc_server | * |
| yokogawa | stardom_opc_server | * |
| yokogawa | exaquantum | * |
| yokogawa | exapilot | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | exaquantum/batch | * |
| yokogawa | prosafe-rs_firmware | * |
| yokogawa | exaopc | * |
| yokogawa | b/m9000_vp_firmware | * |
| yokogawa | scada_software_(fast/tools) | * |
| yokogawa | exaplog | * |
| yokogawa | exasmoc | * |
| yokogawa | versatile_data_server_software | * |
| yokogawa | b/m9000cs_firmware | * |
| yokogawa | fieldmate | r1.01 |
| yokogawa | centum_cs_1000_firmware | * |
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | plant_resource_manager | * |
| yokogawa | fieldmate | r1.02 |
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | exarqe | * |
| yokogawa | field_wireless_device_opc_server | * |
| yokogawa | stardom_opc_server | * |
| yokogawa | exaquantum | * |
| yokogawa | exapilot | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | exaquantum/batch | * |
| yokogawa | prosafe-rs_firmware | * |
| yokogawa | exaopc | * |
| yokogawa | b/m9000_vp_firmware | * |
| yokogawa | scada_software_(fast/tools) | * |
| yokogawa | exaplog | * |
| yokogawa | exasmoc | * |
| yokogawa | versatile_data_server_software | * |
| yokogawa | b/m9000cs_firmware | * |
| yokogawa | fieldmate | r1.01 |
| yokogawa | centum_cs_1000_firmware | * |
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | plant_resource_manager | * |
| yokogawa | fieldmate | r1.02 |
Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | stardom_fcn/fcj | r3.01 |
| yokogawa | stardom_fcn/fcj | r4.01 |
| yokogawa | stardom_fcn/fcj | r1.01 |
| yokogawa | stardom_fcn/fcj | r2.01 |
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | astplanner | * |
| yokogawa | stardom_versatile_data_server_firmware | * |
| yokogawa | trifellows | * |
| yokogawa | idefine_for_prosafe-rs_firmware | * |
| yokogawa | stardom_fcn/fcj_simulator_firmware | * |
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fcj_firmware | * |
| yokogawa | fcn-500_firmware | * |
| yokogawa | fcn-100_firmware | * |
| yokogawa | fcn-rtu_firmware | * |
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | b/m9000_vp | * |
| yokogawa | prosafe-rs | * |
| yokogawa | fast/tools | * |
| yokogawa | centum_cs_3000_entry_class | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | plant_resource_manager | * |
| yokogawa | exaopc | * |
| yokogawa | centum_vp_entry_class | * |
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fcj_firmware | * |
| yokogawa | fcn-500_firmware | * |
| yokogawa | fcn-100_firmware | * |
| yokogawa | fcn-rtu_firmware | * |
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fcj_firmware | * |
| yokogawa | fcn-500_firmware | * |
| yokogawa | fcn-100_firmware | * |
| yokogawa | fcn-rtu_firmware | * |
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fcj_firmware | * |
| yokogawa | fcn-500_firmware | * |
| yokogawa | fcn-100_firmware | * |
| yokogawa | fcn-rtu_firmware | * |
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fcj_firmware | * |
| yokogawa | fcn-500_firmware | * |
| yokogawa | fcn-100_firmware | * |
| yokogawa | fcn-rtu_firmware | * |
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp | * |
| yokogawa | b/m9000_vp | * |
| yokogawa | b/m9000_cs | - |
| yokogawa | centum_cs_3000 | * |
| yokogawa | exaopc | * |
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp | * |
| yokogawa | prosafe-rs | * |
| yokogawa | prm | * |
| yokogawa | b/m_9000_vp | * |
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | exaplog | * |
| yokogawa | exarqe | * |
| yokogawa | exasmoc | * |
| yokogawa | ga10 | * |
| yokogawa | insightsuiteae | * |
| yokogawa | exaquantum | * |
| yokogawa | exaquantum/batch | * |
| yokogawa | exaopc | * |
In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| ics-cert@hq.dhs.gov | 2.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L | 1.3 | 1.4 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | widefield3 | * |
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | b/m9000cs_firmware | * |
| yokogawa | b/m9000vp_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | b/m9000cs_firmware | * |
| yokogawa | b/m9000vp_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-23,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-23,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-732,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-117,CWE-116,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-302,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_entry_firmware | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp_firmware | * |
| yokogawa | centum_vp_entry_firmware | * |
| yokogawa | exaopc | * |
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp | * |
| yokogawa | b/m9000_vp | * |
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp | * |
| yokogawa | b/m9000_vp | * |
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | stardom_fcj_firmware | * |
| yokogawa | stardom_fcn_firmware | * |
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | b/m9000_vp | * |
| yokogawa | b/m9000cs | * |
| yokogawa | centum_cs_3000_firmware | * |
| yokogawa | centum_cs_3000_entry_class_firmware | * |
| yokogawa | centum_vp_firmware | * |
| yokogawa | exaopc | * |
| yokogawa | centum_vp_entry_class_firmware | * |
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | stardom_fcj_firmware | * |
| yokogawa | stardom_fcn_firmware | * |
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-330,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | aw810d_firmware | * |
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_cs_3000_cp33_firmware | - |
| yokogawa | centum_vp_3000_cp451_firmware | * |
| yokogawa | centum_cs_3000_cp451_firmware | - |
| yokogawa | centum_cs_3000_cp345_firmware | - |
| yokogawa | centum_cs_3000_cp401_firmware | - |
| yokogawa | centum_cs_3000_cp31_firmware | - |
| yokogawa | centum_vp_3000_cp401_firmware | * |
Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | wtviewerefree | * |
| yokogawa | wtviewere_761941 | * |
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | centum_vp | * |
| yokogawa | b/m9000_vp | * |
| yokogawa | centum_cs_3000 | * |
| yokogawa | b/m9000cs | * |
| yokogawa | centum_cs_3000_entry_class | * |
| yokogawa | centum_cs_1000 | * |
| yokogawa | exaopc | * |
| yokogawa | centum_vp_entry_class | * |
A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | stardom_fcj_firmware | * |
| yokogawa | stardom_fcn_firmware | * |
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | vnet/ip_interface_package | * |
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | vnet/ip_interface_package | * |
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | vnet/ip_interface_package | * |
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | vnet/ip_interface_package | * |
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | vnet/ip_interface_package | * |
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | vnet/ip_interface_package | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yokogawa | fast/tools | * |