NotCVE - vendor:"Yokogawa" product:"B\/m9000 Vp"

11 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0

CVE-2023-26593

https://notcve.org/view.php?id=CVE-2023-26593

11 Apr 2023 — CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user creden... • https://jvn.jp/en/vu/JVNVU98775218 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0

CVE-2022-30707

https://notcve.org/view.php?id=CVE-2022-30707

28 Jun 2022 — Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.... • https://jvn.jp/vu/JVNVU92819891/index.html •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-27188

https://notcve.org/view.php?id=CVE-2022-27188

15 Apr 2022 — OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en CENTUM VP versiones R4.01.00 a R4.03.00, CENTUM VP Small v... • https://jvn.jp/vu/JVNVU99204686/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2022-26034

https://notcve.org/view.php?id=CVE-2022-26034

15 Apr 2022 — Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server. Una vulnerabilidad de autenticación inapropiada en el protocolo de comunicación proporcionado por el servidor AD (Automation... • https://jvn.jp/vu/JVNVU99204686/index.html • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 3%CPEs: 32EXPL: 0

CVE-2015-5626

https://notcve.org/view.php?id=CVE-2015-5626

05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 38%CPEs: 32EXPL: 0

CVE-2015-5628

https://notcve.org/view.php?id=CVE-2015-5628

CVSS: 10.0EPSS: 3%CPEs: 32EXPL: 0

CVE-2015-5627

https://notcve.org/view.php?id=CVE-2015-5627

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2018-16196

https://notcve.org/view.php?id=CVE-2018-16196

09 Jan 2019 — Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Drive... • http://www.securityfocus.com/bid/106442 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-8838

https://notcve.org/view.php?id=CVE-2018-8838

17 Apr 2018 — A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01 •

CVSS: 9.8EPSS: 41%CPEs: 29EXPL: 3

CVE-2014-3888 – Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2014-3888

07 Jul 2014 — Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de buffer basado en pila en BKFSim_vhfd.exe en Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 y anteriores, CENTUM VP R5.03.20 y anteriores, Exaop... • https://www.exploit-db.com/exploits/34009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1 2