CVE-2015-5627
https://notcve.org/view.php?id=CVE-2015-5627
05 Feb 2020 — Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Serve... • http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf • CWE-787: Out-of-bounds Write •
CVE-2019-6008
https://notcve.org/view.php?id=CVE-2019-6008
26 Dec 2019 — An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? • http://jvn.jp/vu/JVNVU98228725/index.html • CWE-428: Unquoted Search Path or Element •
CVE-2019-5909
https://notcve.org/view.php?id=CVE-2019-5909
13 Feb 2019 — License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors. El servicio de gestión de licencias de los productos YOKOGAWA (CENTUM VP R5.01.00 - R6.06.00; CENTUM VP Entry Class R5.01.00 - R6.06.00; ProSafe-RS... • http://jvn.jp/vu/JVNVU99147082/index.html • CWE-287: Improper Authentication •
CVE-2018-16196
https://notcve.org/view.php?id=CVE-2018-16196
09 Jan 2019 — Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Drive... • http://www.securityfocus.com/bid/106442 • CWE-20: Improper Input Validation •
CVE-2018-0651
https://notcve.org/view.php?id=CVE-2018-0651
09 Jan 2019 — Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) allows remote attackers to stop the license management function or execute an arbitrary program via unspecified vectors. Un desbordamiento de búfer en la función license management de los productos YOKOGAWA (iDefine para ProSafe-RS R1.16.3 y anteriores, STAR... • http://www.securityfocus.com/bid/105124 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-17900
https://notcve.org/view.php?id=CVE-2018-17900
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicación web protege incorrectamente las credenciales, lo que podría permitir que un atacante obtenga credenciales para acceder remotamente a los controladores. • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-522: Insufficiently Protected Credentials •
CVE-2018-17902
https://notcve.org/view.php?id=CVE-2018-17902
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicación emplea múltiples métodos de gestión de sesiones, lo que podría resultar en una denegación de servicio (DoS) de las funciones de gestión remota. • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-384: Session Fixation •
CVE-2018-17896
https://notcve.org/view.php?id=CVE-2018-17896
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, los controladores afectados emplean credenciales embebidas que podrían permitir que ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-798: Use of Hard-coded Credentials •
CVE-2018-17898
https://notcve.org/view.php?id=CVE-2018-17898
12 Oct 2018 — Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable. En Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, en todas las versiones R4.10 y anteriores, la aplicación del controlador no evita el agotamiento de memoria debido a peticiones no autorizadas. Esto podría permitir que el atacante provoque que el ... • https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 • CWE-400: Uncontrolled Resource Consumption •
CVE-2018-10592
https://notcve.org/view.php?id=CVE-2018-10592
31 Jul 2018 — Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the device, which could result in remote code execution. Los controladores Yokogawa STARDOM FCJ R4.02 y anteriores, FCN-100 R4.02 y anteriores, FCN-RTU R4.02 y anteriores y FCN-500 y anteriores R4.02 emplean credenciales embebidas que podrían... • http://www.securityfocus.com/bid/104376 • CWE-798: Use of Hard-coded Credentials •