Details of VAR-201804-1571

ID

VAR-201804-1571

CVE

CVE-2018-8838

TITLE

CENTUM When Exaopc Vulnerable to inadequate access restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2018-002523

DESCRIPTION

A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H). Provided by Yokogawa Electric Corporation CENTUM When Exaopc Lacks access restrictions (<a href="https://cwe.mitre.org/data/definitions/264.html"target="blank">CWE-264</a>) Vulnerability exists.An attacker who can log in to the product could be able to forge the alarm and obstruct the alarm display. CENTUM CS 3000, CENTUM VP, etc. are Yokogawa's motor products and are Windows-based control systems. These products can be used in a variety of industries including key manufacturing, energy, food and agriculture. Yokogawa CENTUM and Exaopc have privilege escalation vulnerabilities that can be exploited by local attackers to generate erroneous system or process alerts or to prevent system or process alert displays. Yokogawa CENTUM and Exaopc are prone to local security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. The system is mainly used in multi-field factories. An elevation of privilege vulnerability exists in several Yokogawa products. A local attacker could exploit this vulnerability to use the system's message management functionality

Trust: 2.7

sources: NVD: CVE-2018-8838 // JVNDB: JVNDB-2018-002523 // CNVD: CNVD-2018-07299 // BID: 103973 // IVD: e2eb40d1-39ab-11e9-9c26-000c29342cb1 // VULHUB: VHN-138870

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2eb40d1-39ab-11e9-9c26-000c29342cb1 // CNVD: CNVD-2018-07299

AFFECTED PRODUCTS

vendor:	yokogawa	model:	b\/m9000 cs	scope:	eq	version:	-	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	lte	version:	r3.09.50	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	lte	version:	r3.75.00	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp	scope:	lte	version:	r8.01.01	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	lte	version:	r6.03.10	Trust: 1.0
vendor:	yokogawa electric	model:	b/m9000 vp	scope:	lte	version:	r8.01.01	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000cs	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 1000	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000	scope:	lte	version:	r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000	scope:	lte	version:	small r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	lte	version:	basic r6.03.10	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	lte	version:	r6.03.10	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	lte	version:	small r6.03.10	Trust: 0.8
vendor:	yokogawa electric	model:	exaopc	scope:	lte	version:	r3.75.00	Trust: 0.8
vendor:	centum vp	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	yokogawa	model:	centum series	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	centum cs	scope:	eq	version:	1000	Trust: 0.6
vendor:	yokogawa	model:	centum cs <=r3.09.50	scope:	eq	version:	3000	Trust: 0.6
vendor:	yokogawa	model:	centum cs small <=r3.09.50	scope:	eq	version:	3000	Trust: 0.6
vendor:	yokogawa	model:	centum vp <=r6.03.10	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	centum vp small <=r6.03.10	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	centum vp basic <=r6.03.10	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	exaopc <=r3.75.00	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	b/m9000 cs	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	b/m9000 vp <=r8.01.01	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	b\/m9000 vp	scope:	eq	version:	r8.01.01	Trust: 0.6
vendor:	yokogawa	model:	centum cs 1000	scope:	eq	version:	-	Trust: 0.6
vendor:	yokogawa	model:	exaopc	scope:	eq	version:	r3.75.00	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09.50	Trust: 0.6
vendor:	yokogawa	model:	centum vp	scope:	eq	version:	r6.03.10	Trust: 0.6
vendor:	centum cs 3000	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	yokogawa	model:	exaopc r3.75.00	scope:	-	version:	-	Trust: 0.3
vendor:	yokogawa	model:	centum vp small r6.03.10	scope:	-	version:	-	Trust: 0.3
vendor:	yokogawa	model:	centum vp basic r6.03.10	scope:	-	version:	-	Trust: 0.3
vendor:	yokogawa	model:	centum vp r6.03.10	scope:	-	version:	-	Trust: 0.3
vendor:	yokogawa	model:	centum cs small r3.09.50	scope:	eq	version:	3000	Trust: 0.3
vendor:	yokogawa	model:	centum cs r3.09.50	scope:	eq	version:	3000	Trust: 0.3
vendor:	yokogawa	model:	centum cs	scope:	eq	version:	10000	Trust: 0.3
vendor:	yokogawa	model:	b/m9000 vp r8.01.01	scope:	-	version:	-	Trust: 0.3
vendor:	yokogawa	model:	b/m9000 cs	scope:	eq	version:	0	Trust: 0.3
vendor:	b m9000 cs	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	b m9000 vp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	exaopc	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2eb40d1-39ab-11e9-9c26-000c29342cb1 // CNVD: CNVD-2018-07299 // BID: 103973 // JVNDB: JVNDB-2018-002523 // CNNVD: CNNVD-201804-778 // NVD: CVE-2018-8838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8838
value:	MEDIUM
Trust: 1.0
JPCERT/CC:	JVNDB-2018-002523
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-07299
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201804-778
value:	MEDIUM
Trust: 0.6
IVD:	e2eb40d1-39ab-11e9-9c26-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-138870
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-8838
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
JPCERT/CC:	JVNDB-2018-002523
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:L/AC:H/AU:S/C:P/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2018-07299
severity:	MEDIUM
baseScore:	5.9
vectorString:	AV:L/AC:H/AU:N/C:P/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2eb40d1-39ab-11e9-9c26-000c29342cb1
severity:	MEDIUM
baseScore:	5.9
vectorString:	AV:L/AC:H/AU:N/C:P/I:C/A:C
accessVector:	LOCAL
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	1.9
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-138870
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8838
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.5
version:	3.0
Trust: 1.0
JPCERT/CC:	JVNDB-2018-002523
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: e2eb40d1-39ab-11e9-9c26-000c29342cb1 // CNVD: CNVD-2018-07299 // VULHUB: VHN-138870 // JVNDB: JVNDB-2018-002523 // CNNVD: CNNVD-201804-778 // NVD: CVE-2018-8838

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-138870 // JVNDB: JVNDB-2018-002523 // NVD: CVE-2018-8838

THREAT TYPE

local

Trust: 0.9

sources: BID: 103973 // CNNVD: CNNVD-201804-778

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201804-778

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002523

PATCH

title:	YSAR-18-0001: CENTUM と Exaopc にアラームの偽造と妨害の脆弱性	url:	https://web-material3.yokogawa.com/YSAR-18-0001-J.jp.pdf	Trust: 0.8
title:	Patch for Yokogawa CENTUM and Exaopc Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/125853	Trust: 0.6
title:	Multiple Yokogawa Product Privilege License and Access Control Vulnerability Fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80152	Trust: 0.6

sources: CNVD: CNVD-2018-07299 // JVNDB: JVNDB-2018-002523 // CNNVD: CNNVD-201804-778

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8838	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-102-01	Trust: 3.4
db:	CNVD	id:	CNVD-2018-07299	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-778	Trust: 0.8
db:	JVN	id:	JVNVU98102375	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-002523	Trust: 0.8
db:	BID	id:	103973	Trust: 0.4
db:	IVD	id:	E2EB40D1-39AB-11E9-9C26-000C29342CB1	Trust: 0.2
db:	SEEBUG	id:	SSVID-98979	Trust: 0.1
db:	VULHUB	id:	VHN-138870	Trust: 0.1

sources: IVD: e2eb40d1-39ab-11e9-9c26-000c29342cb1 // CNVD: CNVD-2018-07299 // VULHUB: VHN-138870 // BID: 103973 // JVNDB: JVNDB-2018-002523 // CNNVD: CNNVD-201804-778 // NVD: CVE-2018-8838

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-102-01	Trust: 3.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8838	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu98102375	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8838	Trust: 0.8
url:	http://www.yokogawa.com/	Trust: 0.3

sources: CNVD: CNVD-2018-07299 // VULHUB: VHN-138870 // BID: 103973 // JVNDB: JVNDB-2018-002523 // CNNVD: CNNVD-201804-778 // NVD: CVE-2018-8838

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103973

SOURCES

db:	IVD	id:	e2eb40d1-39ab-11e9-9c26-000c29342cb1
db:	CNVD	id:	CNVD-2018-07299
db:	VULHUB	id:	VHN-138870
db:	BID	id:	103973
db:	JVNDB	id:	JVNDB-2018-002523
db:	CNNVD	id:	CNNVD-201804-778
db:	NVD	id:	CVE-2018-8838

LAST UPDATE DATE

2024-11-23T22:52:05.908000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07299	date:	2018-04-17T00:00:00
db:	VULHUB	id:	VHN-138870	date:	2019-10-03T00:00:00
db:	BID	id:	103973	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-002523	date:	2018-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201804-778	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-8838	date:	2024-11-21T04:14:25.420

SOURCES RELEASE DATE

db:	IVD	id:	e2eb40d1-39ab-11e9-9c26-000c29342cb1	date:	2018-04-10T00:00:00
db:	CNVD	id:	CNVD-2018-07299	date:	2018-04-17T00:00:00
db:	VULHUB	id:	VHN-138870	date:	2018-04-17T00:00:00
db:	BID	id:	103973	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-002523	date:	2018-04-17T00:00:00
db:	CNNVD	id:	CNNVD-201804-778	date:	2018-04-18T00:00:00
db:	NVD	id:	CVE-2018-8838	date:	2018-04-17T21:29:00.343