#VU11832 Improper access control in Yokogawa products - CVE-2018-8838

 


Published: April 16, 2018 / Updated: April 16, 2018


Vulnerability identifier: #VU11832
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-8838
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
CENTUM CS 1000
CENTUM CS 3000
CENTUM VP
CENTUM VP Small
CENTUM VP Basic
B/M9000 VP
B/M9000 CS
Exaopc
Software vendor:
Yokogawa

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to improper access controls. A local attacker can exploit the message management function, generate false system or process alarms, or block system or process alarm displays.

Remediation

Update CENTUM CS 1000, CENTUM CS 3000 and CENTUM CS 3000 Small to the latest CENTUM VP; update CENTUM VP, CENTUM VP Small and CENTUM VP BASIC to version R5.04.B2 or R6.04.00; update Exaopc to version R3.76.00.
