CVE-2018-8838
published 2018-04-17
CVE-2018-8838: A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier…
Priority P427 · medium · 6.5 · CVSS 3.0
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
EPSS: 0.29% (20.8th percentile)
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | yokogawa_centum_and_exaopc | — | — |
| yokogawa | b_m9000_vp | <= r8.01.01 | — |
| yokogawa | centum_cs_3000 | <= r3.09.50 | — |
| yokogawa | centum_vp | <= r6.03.10 | — |
| yokogawa | exaopc | <= r3.75.00 | — |
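CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H |
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |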
CISA ICS
Yokogawa CENTUM and Exaopc
cisa_ics·2018-04-13·CVSS 6.5
[MEDIUM] Yokogawa CENTUM and Exaopc
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Yokogawa CENTUM and Exaopc
Last Revised: April 13, 2018
Alert Code: ICSA-18-102-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.5
- Vendor: Yokogawa
- Equipment: CENTUM series and Exaopc
- Vulnerability: Permissions, Privileges, and Access Controls
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local attacker to generate false system or process alarms, or block system or process alarm displays.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Yokogawa products are affected:
- CENTUM series
- CENTUM CS 1000 all versions,
GHSA
GHSA-4cv8-c362-f6hv: A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3
ghsa_unreviewed·2022-05-13
CVE-2018-8838 [MEDIUM] GHSA-4cv8-c362-f6hv: A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-04-17