MidnightBSD

Advisories for yokogawa

CVE-2014-0781 HIGH

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122,CWE-119,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000 r3.08.50
yokogawa centum_cs_3000 *
yokogawa centum_cs_3000 r3.07
yokogawa centum_cs_3000 r3.09
yokogawa centum_cs_3000 r3.06
yokogawa centum_cs_3000 r3.08.70
yokogawa centum_cs_3000 r3.01
yokogawa centum_cs_3000 r3.02
yokogawa centum_cs_3000 r3.03
yokogawa centum_cs_3000 r3.05
yokogawa centum_cs_3000 r3.08
yokogawa centum_cs_3000 r3.04
CVE-2014-0782 HIGH

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
yokogawa centum_cs_1000 -
yokogawa centum_vp_software *
yokogawa centum_cs_3000 -
yokogawa centum_vp -
yokogawa centum_vp_entry_class_software *
yokogawa b/m9000_vp_software *
yokogawa exaopc *
yokogawa centum_cs_3000_entry_class_software *
yokogawa b/m9000cs_software *
yokogawa centum_cs_3000_software *
yokogawa centum_vp_entry_class -
yokogawa b/m9000_vp -
yokogawa centum_cs_3000_entry_class -
yokogawa centum_cs_1000_software -
yokogawa b/m9000cs -
CVE-2014-0783 HIGH

Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000 r3.08.50
yokogawa centum_cs_3000 *
yokogawa centum_cs_3000 r3.07
yokogawa centum_cs_3000 r3.09
yokogawa centum_cs_3000 r3.06
yokogawa centum_cs_3000 r3.08.70
yokogawa centum_cs_3000 r3.01
yokogawa centum_cs_3000 r3.02
yokogawa centum_cs_3000 r3.03
yokogawa centum_cs_3000 r3.05
yokogawa centum_cs_3000 r3.08
yokogawa centum_cs_3000 r3.04
CVE-2014-0784 HIGH

Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-119,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000 r3.08.50
yokogawa centum_cs_3000 *
yokogawa centum_cs_3000 r3.07
yokogawa centum_cs_3000 r3.09
yokogawa centum_cs_3000 r3.06
yokogawa centum_cs_3000 r3.08.70
yokogawa centum_cs_3000 r3.01
yokogawa centum_cs_3000 r3.02
yokogawa centum_cs_3000 r3.03
yokogawa centum_cs_3000 r3.05
yokogawa centum_cs_3000 r3.08
yokogawa centum_cs_3000 r3.04
CVE-2014-3888 HIGH

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
yokogawa centum_cs_1000 -
yokogawa centum_vp_software *
yokogawa centum_cs_3000 -
yokogawa centum_vp -
yokogawa centum_vp_entry_class_software *
yokogawa centum_vp_software 4.03.00
yokogawa b/m9000_vp_software *
yokogawa exaopc 3.71.02
yokogawa exaopc *
yokogawa centum_cs_3000_entry_class_software *
yokogawa b/m9000cs_software *
yokogawa centum_cs_3000_software *
yokogawa centum_vp_entry_class -
yokogawa b/m9000_vp -
yokogawa centum_cs_3000_entry_class -
yokogawa centum_cs_1000_software -
yokogawa b/m9000cs -
CVE-2014-5208 HIGH

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
yokogawa centum_vp r5.02.00
yokogawa centum_cs_3000 r3.08.50
yokogawa centum_vp r5.01.20
yokogawa centum_vp r5.03.00
yokogawa centum_cs_3000 r3.07
yokogawa exaopc *
yokogawa centum_cs_3000 r3.09
yokogawa centum_vp r5.01.00
yokogawa centum_cs_3000 r3.06
yokogawa centum_cs_3000 r3.08.70
yokogawa centum_vp *
yokogawa centum_cs_3000 r3.01
yokogawa centum_cs_3000 r3.02
yokogawa centum_cs_3000 r3.03
yokogawa centum_cs_3000 r3.05
yokogawa centum_cs_3000 r3.08
yokogawa centum_cs_3000 r3.04
yokogawa centum_cs_3000 r3.09.50
CVE-2014-7251 LOW

XML external entity (XXE) vulnerability in the WebHMI server in Yokogawa Electric Corporation FAST/TOOLS before R9.05-SP2 allows local users to cause a denial of service (CPU or network traffic consumption) or read arbitrary files via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
yokogawa fast/tools r9.05
yokogawa fast/tools r9.01
yokogawa fast/tools r9.03
yokogawa fast/tools r9.02
yokogawa fast/tools r9.04
CVE-2015-5626 HIGH

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
yokogawa exarqe *
yokogawa field_wireless_device_opc_server *
yokogawa stardom_opc_server *
yokogawa exaquantum *
yokogawa exapilot *
yokogawa centum_vp_firmware *
yokogawa exaquantum/batch *
yokogawa prosafe-rs_firmware *
yokogawa exaopc *
yokogawa b/m9000_vp_firmware *
yokogawa scada_software_(fast/tools) *
yokogawa exaplog *
yokogawa exasmoc *
yokogawa versatile_data_server_software *
yokogawa b/m9000cs_firmware *
yokogawa fieldmate r1.01
yokogawa centum_cs_1000_firmware *
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa plant_resource_manager *
yokogawa fieldmate r1.02
CVE-2015-5627 HIGH

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
yokogawa exarqe *
yokogawa field_wireless_device_opc_server *
yokogawa stardom_opc_server *
yokogawa exaquantum *
yokogawa exapilot *
yokogawa centum_vp_firmware *
yokogawa exaquantum/batch *
yokogawa prosafe-rs_firmware *
yokogawa exaopc *
yokogawa b/m9000_vp_firmware *
yokogawa scada_software_(fast/tools) *
yokogawa exaplog *
yokogawa exasmoc *
yokogawa versatile_data_server_software *
yokogawa b/m9000cs_firmware *
yokogawa fieldmate r1.01
yokogawa centum_cs_1000_firmware *
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa plant_resource_manager *
yokogawa fieldmate r1.02
CVE-2015-5628 HIGH

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
yokogawa exarqe *
yokogawa field_wireless_device_opc_server *
yokogawa stardom_opc_server *
yokogawa exaquantum *
yokogawa exapilot *
yokogawa centum_vp_firmware *
yokogawa exaquantum/batch *
yokogawa prosafe-rs_firmware *
yokogawa exaopc *
yokogawa b/m9000_vp_firmware *
yokogawa scada_software_(fast/tools) *
yokogawa exaplog *
yokogawa exasmoc *
yokogawa versatile_data_server_software *
yokogawa b/m9000cs_firmware *
yokogawa fieldmate r1.01
yokogawa centum_cs_1000_firmware *
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa plant_resource_manager *
yokogawa fieldmate r1.02
CVE-2016-4860 HIGH

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
yokogawa stardom_fcn/fcj r3.01
yokogawa stardom_fcn/fcj r4.01
yokogawa stardom_fcn/fcj r1.01
yokogawa stardom_fcn/fcj r2.01
CVE-2018-0651 HIGH

Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
yokogawa astplanner *
yokogawa stardom_versatile_data_server_firmware *
yokogawa trifellows *
yokogawa idefine_for_prosafe-rs_firmware *
yokogawa stardom_fcn/fcj_simulator_firmware *
CVE-2018-10592 HIGH

Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
yokogawa fcj_firmware *
yokogawa fcn-500_firmware *
yokogawa fcn-100_firmware *
yokogawa fcn-rtu_firmware *
CVE-2018-16196 MEDIUM

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
yokogawa b/m9000_vp *
yokogawa prosafe-rs *
yokogawa fast/tools *
yokogawa centum_cs_3000_entry_class *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa plant_resource_manager *
yokogawa exaopc *
yokogawa centum_vp_entry_class *
CVE-2018-17896 HIGH

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
yokogawa fcj_firmware *
yokogawa fcn-500_firmware *
yokogawa fcn-100_firmware *
yokogawa fcn-rtu_firmware *
CVE-2018-17898 HIGH

Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
yokogawa fcj_firmware *
yokogawa fcn-500_firmware *
yokogawa fcn-100_firmware *
yokogawa fcn-rtu_firmware *
CVE-2018-17900 MEDIUM

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
yokogawa fcj_firmware *
yokogawa fcn-500_firmware *
yokogawa fcn-100_firmware *
yokogawa fcn-rtu_firmware *
CVE-2018-17902 MEDIUM

Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,CWE-384,

Products Affected

Vendor Product Version
yokogawa fcj_firmware *
yokogawa fcn-500_firmware *
yokogawa fcn-100_firmware *
yokogawa fcn-rtu_firmware *
CVE-2018-8838 MEDIUM

A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
yokogawa centum_vp *
yokogawa b/m9000_vp *
yokogawa b/m9000_cs -
yokogawa centum_cs_3000 *
yokogawa exaopc *
CVE-2019-5909 HIGH

License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
yokogawa centum_vp *
yokogawa prosafe-rs *
yokogawa prm *
yokogawa b/m_9000_vp *
CVE-2019-6008 MEDIUM

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
yokogawa exaplog *
yokogawa exarqe *
yokogawa exasmoc *
yokogawa ga10 *
yokogawa insightsuiteae *
yokogawa exaquantum *
yokogawa exaquantum/batch *
yokogawa exaopc *
CVE-2020-16232 HIGH

In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L 1.3 1.4

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
yokogawa widefield3 *
CVE-2020-5608 HIGH

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
yokogawa b/m9000cs_firmware *
yokogawa b/m9000vp_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
CVE-2020-5609 HIGH

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
yokogawa b/m9000cs_firmware *
yokogawa b/m9000vp_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
CVE-2022-21177 MEDIUM

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-21194 MEDIUM

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-21808 MEDIUM

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-23,CWE-22,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-22141 MEDIUM

'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-269,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-22145 MEDIUM

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-400,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-22148 MEDIUM

'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,CWE-732,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-22151 MEDIUM

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-117,CWE-116,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-22729 MEDIUM

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-302,CWE-287,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-23401 LOW

The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_entry_firmware *
yokogawa centum_cs_3000_firmware *
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-23402 HIGH

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
yokogawa centum_vp_firmware *
yokogawa centum_vp_entry_firmware *
yokogawa exaopc *
CVE-2022-26034 MEDIUM

Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
yokogawa centum_vp *
yokogawa b/m9000_vp *
CVE-2022-27188 MEDIUM

OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
yokogawa centum_vp *
yokogawa b/m9000_vp *
CVE-2022-29519 HIGH

Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-319,

Products Affected

Vendor Product Version
yokogawa stardom_fcj_firmware *
yokogawa stardom_fcn_firmware *
CVE-2022-30707 MEDIUM

Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
yokogawa b/m9000_vp *
yokogawa b/m9000cs *
yokogawa centum_cs_3000_firmware *
yokogawa centum_cs_3000_entry_class_firmware *
yokogawa centum_vp_firmware *
yokogawa exaopc *
yokogawa centum_vp_entry_class_firmware *
CVE-2022-30997 HIGH

Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
yokogawa stardom_fcj_firmware *
yokogawa stardom_fcn_firmware *
CVE-2022-32284 HIGH

Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-330,

Products Affected

Vendor Product Version
yokogawa aw810d_firmware *
CVE-2022-33939

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
yokogawa centum_cs_3000_cp33_firmware -
yokogawa centum_vp_3000_cp451_firmware *
yokogawa centum_cs_3000_cp451_firmware -
yokogawa centum_cs_3000_cp345_firmware -
yokogawa centum_cs_3000_cp401_firmware -
yokogawa centum_cs_3000_cp31_firmware -
yokogawa centum_vp_3000_cp401_firmware *
CVE-2022-40984

Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
yokogawa wtviewerefree *
yokogawa wtviewere_761941 *
CVE-2023-26593

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later

Products Affected

Vendor Product Version
yokogawa centum_vp *
yokogawa b/m9000_vp *
yokogawa centum_cs_3000 *
yokogawa b/m9000cs *
yokogawa centum_cs_3000_entry_class *
yokogawa centum_cs_1000 *
yokogawa exaopc *
yokogawa centum_vp_entry_class *
CVE-2023-5915

A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not stopped by the condition. The affected products and versions are as follows: STARDOM FCN/FCJ R1.01 to R4.31.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
yokogawa stardom_fcj_firmware *
yokogawa stardom_fcn_firmware *
CVE-2025-1924

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Products Affected

Vendor Product Version
yokogawa vnet/ip_interface_package *
CVE-2025-48019

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Products Affected

Vendor Product Version
yokogawa vnet/ip_interface_package *
CVE-2025-48020

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Products Affected

Vendor Product Version
yokogawa vnet/ip_interface_package *
CVE-2025-48021

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Products Affected

Vendor Product Version
yokogawa vnet/ip_interface_package *
CVE-2025-48022

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Products Affected

Vendor Product Version
yokogawa vnet/ip_interface_package *
CVE-2025-48023

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Products Affected

Vendor Product Version
yokogawa vnet/ip_interface_package *
CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *
CVE-2025-66595

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). When a user accesses a link crafted by an attacker, the user’s account could be compromised. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *
CVE-2025-66596

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, users could be redirected to malicious sites. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *
CVE-2025-66597

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *
CVE-2025-66598

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *
CVE-2025-66607

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *
CVE-2025-66608

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal files from the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04

Products Affected

Vendor Product Version
yokogawa fast/tools *