Vulnerabilities > Yokogawa > High

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-26593 Cleartext Storage of Sensitive Information vulnerability in Yokogawa products
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information.
local
low complexity
yokogawa CWE-312
7.8
2022-08-16 CVE-2022-33939 Unspecified vulnerability in Yokogawa products
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption.
network
low complexity
yokogawa
7.5
2022-07-04 CVE-2022-32284 Use of Insufficiently Random Values vulnerability in Yokogawa Aw810D Firmware R12
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.
network
low complexity
yokogawa CWE-330
7.8
2022-06-28 CVE-2022-29519 Cleartext Transmission of Sensitive Information vulnerability in Yokogawa Stardom FCJ Firmware and Stardom FCN Firmware
Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to login the affected products and alter device configuration settings or tamper with device firmware.
7.9
2022-06-28 CVE-2022-30707 Unspecified vulnerability in Yokogawa products
Violation of secure design principles exists in the communication of CAMS for HIS.
low complexity
yokogawa
8.8
2022-06-28 CVE-2022-30997 Use of Hard-coded Credentials vulnerability in Yokogawa Stardom FCJ Firmware and Stardom FCN Firmware
Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware.
network
low complexity
yokogawa CWE-798
7.2
2022-03-18 CVE-2020-16232 Classic Buffer Overflow vulnerability in Yokogawa Widefield3
In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.
network
low complexity
yokogawa CWE-120
7.5
2022-03-11 CVE-2022-23402 Use of Hard-coded Credentials vulnerability in Yokogawa products
The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
network
low complexity
yokogawa CWE-798
7.5
2020-08-05 CVE-2020-5609 Path Traversal vulnerability in Yokogawa products
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
network
low complexity
yokogawa CWE-22
7.5
2020-08-05 CVE-2020-5608 Improper Authentication vulnerability in Yokogawa products
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
network
low complexity
yokogawa CWE-287
7.5