Vulnerabilities > Yokogawa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-01 | CVE-2023-5915 | Unspecified vulnerability in Yokogawa Stardom FCJ Firmware and Stardom FCN Firmware A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow to a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. | 5.3 |
| 2023-04-11 | CVE-2023-26593 | Cleartext Storage of Sensitive Information vulnerability in Yokogawa products CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. | 7.8 |
| 2022-10-24 | CVE-2022-40984 | Out-of-bounds Write vulnerability in Yokogawa Wtviewere 761941 and Wtviewerefree Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. | 9.8 |
| 2022-08-16 | CVE-2022-33939 | Unspecified vulnerability in Yokogawa products CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. | 7.5 |
| 2022-07-04 | CVE-2022-32284 | Use of Insufficiently Random Values vulnerability in Yokogawa Aw810D Firmware R12 Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. | 7.5 |
| 2022-06-28 | CVE-2022-29519 | Cleartext Transmission of Sensitive Information vulnerability in Yokogawa Stardom FCJ Firmware and Stardom FCN Firmware Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware. | 7.5 |
| 2022-06-28 | CVE-2022-30707 | Unspecified vulnerability in Yokogawa products Violation of secure design principles exists in the communication of CAMS for HIS. low complexity yokogawa | 8.8 |
| 2022-06-28 | CVE-2022-30997 | Use of Hard-coded Credentials vulnerability in Yokogawa Stardom FCJ Firmware and Stardom FCN Firmware Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. | 7.2 |
| 2022-04-15 | CVE-2022-26034 | Improper Authentication vulnerability in Yokogawa B/M9000 VP and Centum VP Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. | 9.1 |
| 2022-04-15 | CVE-2022-27188 | OS Command Injection vulnerability in Yokogawa B/M9000 VP and Centum VP OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. | 7.8 |