Vulnerabilities > CVE-2018-8838 - Unspecified vulnerability in Yokogawa products

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

yokogawa

NVD

Published: 2018-04-17

Updated: 2019-10-03

Summary

A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).

Vulnerable Configurations

Part	Description	Count
Application	Yokogawa Yokogawa B/M9000 CS - Yokogawa B/M9000 VP * Yokogawa Centum CS 3000 R3.01 Yokogawa Centum CS 3000 R3.02 Yokogawa Centum CS 3000 R3.03 Yokogawa Centum CS 3000 R3.04 Yokogawa Centum CS 3000 R3.05 Yokogawa Centum CS 3000 R3.06 Yokogawa Centum CS 3000 R3.07 Yokogawa Centum CS 3000 R3.08 Yokogawa Centum CS 3000 R3.08.50 Yokogawa Centum CS 3000 R3.08.70 Yokogawa Centum CS 3000 R3.09 Yokogawa Centum CS 3000 R3.09.50 Yokogawa Centum CS 3000 * Yokogawa Centum VP R4.03.00 Yokogawa Centum VP R5.01.00 Yokogawa Centum VP R5.01.20 Yokogawa Centum VP R5.02.00 Yokogawa Centum VP R5.03.00 Yokogawa Centum VP * Yokogawa Exaopc - Yokogawa Exaopc 3.71.02 Yokogawa Exaopc 3.71.10 Yokogawa Exaopc 3.72.00 Yokogawa Exaopc R1.01.00 Yokogawa Exaopc R3.72.00	28

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01