// For flags

CVE-2018-8838

 

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).

Una debilidad en los controles de acceso en CENTUM CS 1000 en todas las versiones, CENTUM CS 3000 en versiones R3.09.50 y anteriores, CENTUM CS 3000 Small en versiones R3.09.50 y anteriores, CENTUM VP en versiones R6.03.10 y anteriores, CENTUM VP Small en versiones R6.03.10 y anteriores, CENTUM VP Basic en versiones R6.03.10 y anteriores, Exaopc en versiones R3.75.00 y anteriores, B/M9000 CS en todas las versiones y B/M9000 VP en versiones R8.01.01 y anteriores podría permitir que un atacante local explote la función de gestión de mensajes del sistema. Se ha calculado una puntuación base de CVSS v3 de 6.5; la cadena de vector CVSS es (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-03-20 CVE Reserved
  • 2018-04-17 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Yokogawa
Search vendor "Yokogawa"
 B\/m9000 Cs
Search vendor "Yokogawa" for product "B\/m9000 Cs"
--
Affected
Yokogawa
Search vendor "Yokogawa"
 B\/m9000 Vp
Search vendor "Yokogawa" for product "B\/m9000 Vp"
 <= r8.01.01
Search vendor "Yokogawa" for product "B\/m9000 Vp" and version " <= r8.01.01"
-
Affected
Yokogawa
Search vendor "Yokogawa"
 Centum Cs 3000
Search vendor "Yokogawa" for product "Centum Cs 3000"
 <= r3.09.50
Search vendor "Yokogawa" for product "Centum Cs 3000" and version " <= r3.09.50"
-
Affected
Yokogawa
Search vendor "Yokogawa"
 Centum Cs 3000
Search vendor "Yokogawa" for product "Centum Cs 3000"
 <= r3.09.50
Search vendor "Yokogawa" for product "Centum Cs 3000" and version " <= r3.09.50"
small
Affected
Yokogawa
Search vendor "Yokogawa"
 Centum Vp
Search vendor "Yokogawa" for product "Centum Vp"
 <= r6.03.10
Search vendor "Yokogawa" for product "Centum Vp" and version " <= r6.03.10"
-
Affected
Yokogawa
Search vendor "Yokogawa"
 Centum Vp
Search vendor "Yokogawa" for product "Centum Vp"
 <= r6.03.10
Search vendor "Yokogawa" for product "Centum Vp" and version " <= r6.03.10"
basic
Affected
Yokogawa
Search vendor "Yokogawa"
 Centum Vp
Search vendor "Yokogawa" for product "Centum Vp"
 <= r6.03.10
Search vendor "Yokogawa" for product "Centum Vp" and version " <= r6.03.10"
small
Affected
Yokogawa
Search vendor "Yokogawa"
 Exaopc
Search vendor "Yokogawa" for product "Exaopc"
 <= r3.75.00
Search vendor "Yokogawa" for product "Exaopc" and version " <= r3.75.00"
-
Affected