1. EXECUTIVE SUMMARY
- CVSS v4 7.7
- ATTENTION: Exploitable remotely/Low attack complexity
- Vendor: Yokogawa
- Equipment: CENTUM
- Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary programs.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Yokogawa CENTUM, a distributed control system (DCS), are affected:
- CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class): Version R3.08.10 to R3.09.50
- CENTUM VP (Including CENTUM VP Entry Class): Version R4.01.00 to R4.03.00
- CENTUM VP (Including CENTUM VP Entry Class): Version R5.01.00 to R5.04.20
- CENTUM VP (Including CENTUM VP Entry Class): Version R6.01.00 to R6.11.10
3.2 Vulnerability Overview
3.2.1 Improper Access Control CWE-284
If an attacker is somehow able to intrude into a computer on which an affected product is installed, or to access a shared folder, then by replacing the DLL file with a tampered one it is possible to execute arbitrary programs with the authority of the SYSTEM account.
CVE-2024-5650 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-5650. A base score of 7.7 has been calculated; the CVSS vector string is (CVSS4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
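The condition described in 3.2.1 depends on someone other than an administrator being able to replace a DLL. The PowerShell audit below is an added example, not code from the advisory or from Yokogawa, and lists DLLs and their parent directories whose ACLs grant write-type rights to principals other than SYSTEM, Administrators and TrustedInstaller. The function name `Get-ReplaceableDll` is hypothetical, and `-Path` is a placeholder because the advisory does not name the DLL or its directory.

```powershell
# Added example (not vendor or advisory code). Requires PowerShell 3.0 or later.
function Get-ReplaceableDll {
    param(
        # Placeholder: the product install directory or shared folder on your system.
        [Parameter(Mandatory)] [string] $Path
    )
    # Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )
    # Rights that let a file be overwritten, deleted or re-permissioned, plus the
    # raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
    $mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $mask = $mask -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    $dlls = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Filter *.dll -ErrorAction SilentlyContinue)
    if ($dlls.Count -eq 0) { return }
    # A DLL can be swapped through its own ACL or through its parent directory's ACL.
    $targets = @($dlls.FullName) + @($dlls.DirectoryName | Sort-Object -Unique)

    foreach ($target in $targets) {
        $acl = Get-Acl -LiteralPath $target
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, which are checked on their own.
            if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
            if ($trusted -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $target
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}
# Usage (path is a placeholder):
# Get-ReplaceableDll -Path 'C:\path\to\product' | Format-Table -AutoSize
```

Each row is a candidate for review rather than a confirmed finding: domain administrative groups and service accounts appear in the output because only the three built-in SIDs are treated as trusted.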
[…]