Skip to main content

Exaopc CVE-2019-6008

HIGH
Unquoted Search Path or Element (CWE-428)
2019-12-26 vultures@jpcert.or.jp
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 26, 2019 - 16:15 nvd
HIGH 7.8

DescriptionNVD

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

AnalysisAI

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-428. An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. Affected products include: Yokogawa Exaopc, Yokogawa Exaplog, Yokogawa Exaquantum, Yokogawa Exaquantum\/Batch, Yokogawa Exarqe.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Exaopc

View all
CVE-2014-0782 HIGH POC
8.3 May 16

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM C

CVE-2014-3888 HIGH POC
8.3 Jul 10

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V

CVE-2014-5208 HIGH POC
7.5 Dec 22

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00

CVE-2022-23402 CRITICAL
9.8 Mar 11

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5

CVE-2022-21194 CRITICAL
9.8 Mar 11

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial c

CVE-2022-30707 HIGH
8.8 Jun 28

Violation of secure design principles exists in the communication of CAMS for HIS. Rated high severity (CVSS 8.8), this

CVE-2022-22729 HIGH
8.8 Mar 11

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets.

CVE-2022-21808 HIGH
8.8 Mar 11

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM

CVE-2022-22151 HIGH
8.1 Mar 11

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs:

CVE-2022-22145 HIGH
8.1 Mar 11

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource con

CVE-2022-21177 HIGH
8.1 Mar 11

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products

CVE-2023-26593 HIGH
7.8 Apr 11

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. Ra

Share

CVE-2019-6008 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy