CVE-2024-8110
https://notcve.org/view.php?id=CVE-2024-8110
17 Sep 2024 — Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. • https://web-material3.yokogawa.com/1/36276/files/YSAR-24-0003-E.pdf • CWE-252: Unchecked Return Value
CVE-2024-4106
https://notcve.org/view.php?id=CVE-2024-4106
26 Jun 2024 — A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 CI Server R1.01.00 to R1.03.00 • https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf • CWE-258: Empty Password in Configuration File
CVE-2024-5650
https://notcve.org/view.php?id=CVE-2024-5650
17 Jun 2024 — DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account. The affected products and versions are as follows: CENTUM CS 3000 R3.08.10 to R3.09.50 CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01... • https://web-material3.yokogawa.com/1/36044/files/YSAR-24-0002-E.pdf • CWE-284: Improper Access Control
CVE-2024-36246
https://notcve.org/view.php?id=CVE-2024-36246
31 May 2024 — Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted. • https://jvn.jp/en/jp/JVN17680667 • CWE-862: Missing Authorization
CVE-2024-23847
https://notcve.org/view.php?id=CVE-2024-23847
31 May 2024 — Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted. • https://jvn.jp/en/jp/JVN17680667 • CWE-276: Incorrect Default Permissions
CVE-2023-5915
https://notcve.org/view.php?id=CVE-2023-5915
01 Dec 2023 — A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a crafted packet. While sending the packet, the maintenance homepage of the controller could not be accessed. Therefore, functions of the maintenance homepage, changing configuration, viewing logs, etc. are not available. But the controller’s operation is not... • https://jvn.jp/vu/JVNVU95177889/index.html • CWE-400: Uncontrolled Resource Consumption
CVE-2023-26593
https://notcve.org/view.php?id=CVE-2023-26593
11 Apr 2023 — CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers with the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1) An attacker has obtained user creden... • https://jvn.jp/en/vu/JVNVU98775218 • CWE-312: Cleartext Storage of Sensitive Information
CVE-2022-40984
https://notcve.org/view.php?id=CVE-2022-40984
24 Oct 2022 — Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from 1.31 to 1.61 and WTViewerEfree from 1.01 to 1.52 allows an attacker to cause the product to crash by processing a long file name. • https://cdn.aff.yokogawa.com/8/756/details/Vulnerability_in_YOKOGAWA_application_software_WTViewerE_r0_e.pdf • CWE-787: Out-of-bounds Write
CVE-2022-33939
https://notcve.org/view.php?id=CVE-2022-33939
16 Aug 2022 — CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. • https://jvn.jp/vu/JVNVU94343729/index.html
CVE-2022-32284
https://notcve.org/view.php?id=CVE-2022-32284
04 Jul 2022 — Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. • https://jvn.jp/vu/JVNVU95343906/index.html • CWE-330: Use of Insufficiently Random Values