CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-21194
https://notcve.org/view.php?id=CVE-2022-21194
11 Mar 2022 — The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00. Los siguientes productos de Yokogawa Electric no cambian las contraseñas de las cuentas internas de Windows desde la configuración inicial: CENTUM VP versiones desde R5.01.00 a R5.04.20 y versiones desde R6.01.00 a R6.08.0, Exaopc versiones desde R3.7... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2022-21177
https://notcve.org/view.php?id=CVE-2022-21177
11 Mar 2022 — There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. Se presenta una vulnerabilidad de salto de ruta en CAMS para HIS Log Server contenida en los siguientes productos de Yokogawa Electric: CENTUM CS 3000 versiones desde R3.08.10 a R3.09.00, CENTU... • https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 3%CPEs: 32EXPL: 0CVE-2015-5626
https://notcve.org/view.php?id=CVE-2015-5626
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 38%CPEs: 32EXPL: 0CVE-2015-5628
https://notcve.org/view.php?id=CVE-2015-5628
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 3%CPEs: 32EXPL: 0CVE-2015-5627
https://notcve.org/view.php?id=CVE-2015-5627
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-6008
https://notcve.org/view.php?id=CVE-2019-6008
26 Dec 2019 — An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? • http://jvn.jp/vu/JVNVU98228725/index.html • CWE-428: Unquoted Search Path or Element •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2018-16196
https://notcve.org/view.php?id=CVE-2018-16196
09 Jan 2019 — Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Drive... • http://www.securityfocus.com/bid/106442 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-8838
https://notcve.org/view.php?id=CVE-2018-8838
17 Apr 2018 — A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01 •
CVSS: 9.1EPSS: 17%CPEs: 21EXPL: 1CVE-2014-5208 – Yokogawa BKBCopyD.exe Client
https://notcve.org/view.php?id=CVE-2014-5208
22 Dec 2014 — BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. Gestión de paquetes por lotes en BKBCopyD.exe en Yokogawa CE... • http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 41%CPEs: 29EXPL: 3CVE-2014-3888 – Yokogawa CS3000 - 'BKFSim_vhfd.exe' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-3888
07 Jul 2014 — Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Desbordamiento de buffer basado en pila en BKFSim_vhfd.exe en Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 y anteriores, CENTUM VP R5.03.20 y anteriores, Exaop... • https://www.exploit-db.com/exploits/34009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •