ID

VAR-202304-0092


CVE

CVE-2023-26593


TITLE

Plaintext storage of important information vulnerability in Yokogawa Electric CENTUM series

Trust: 0.8

sources: JVNDB: JVNDB-2023-001411

DESCRIPTION

The CENTUM series provided by Yokogawa Electric Corporation is vulnerable to cleartext storage of sensitive information. If an attacker who can log in to or access the computer where the affected product is installed tampers with the password file stored on that computer, the user privilege managed by CENTUM may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1) an attacker has obtained user credentials where the affected product is installed; (2) CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. The following conditions are required for this vulnerability to be exploited

Trust: 1.62

sources: NVD: CVE-2023-26593 // JVNDB: JVNDB-2023-001411

AFFECTED PRODUCTS

vendor: yokogawa, model: centum cs 1000, scope: lte, version: r3.09.50

Trust: 1.0

vendor: yokogawa, model: b/m9000cs, scope: lte, version: r5.05.01

Trust: 1.0

vendor: yokogawa, model: b/m9000 vp, scope: gte, version: r6.01.01

Trust: 1.0

vendor: yokogawa, model: centum cs 3000 entry class, scope: lte, version: r3.09.50

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: lte, version: r5.04.20

Trust: 1.0

vendor: yokogawa, model: b/m9000cs, scope: gte, version: r5.04.01

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: gte, version: r6.01.00

Trust: 1.0

vendor: yokogawa, model: centum cs 3000, scope: gte, version: r2.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: gte, version: r5.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: gte, version: r4.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp, scope: lte, version: r4.03.00

Trust: 1.0

vendor: yokogawa, model: centum cs 3000, scope: lte, version: r3.09.50

Trust: 1.0

vendor: yokogawa, model: centum vp entry class, scope: lte, version: r4.02.00

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: gte, version: r1.01.00

Trust: 1.0

vendor: yokogawa, model: centum cs 1000, scope: gte, version: r2.01.00

Trust: 1.0

vendor: yokogawa, model: b/m9000 vp, scope: lte, version: r7.04.51

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: lte, version: r1.20.00

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: gte, version: r2.01.00

Trust: 1.0

vendor: yokogawa, model: centum cs 3000 entry class, scope: gte, version: r2.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp entry class, scope: gte, version: r6.01.00

Trust: 1.0

vendor: yokogawa, model: centum vp entry class, scope: gte, version: r5.01.00

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: lte, version: r2.10.00

Trust: 1.0

vendor: yokogawa, model: centum vp entry class, scope: lte, version: r5.04.20

Trust: 1.0

vendor: yokogawa, model: b/m9000 vp, scope: gte, version: r8.01.01

Trust: 1.0

vendor: yokogawa, model: centum vp entry class, scope: gte, version: r4.01.00

Trust: 1.0

vendor: yokogawa, model: exaopc, scope: gte, version: r3.01.00

Trust: 1.0

vendor: 横河電機株式会社, model: centum vp, scope: -, version: -

Trust: 0.8

vendor: 横河電機株式会社, model: b/m9000 cs, scope: -, version: -

Trust: 0.8

vendor: 横河電機株式会社, model: b/m9000 vp, scope: -, version: -

Trust: 0.8

vendor: 横河電機株式会社, model: centum cs 3000, scope: -, version: -

Trust: 0.8

vendor: 横河電機株式会社, model: centum cs 1000, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-001411 // NVD: CVE-2023-26593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-26593
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-001411
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202304-364
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-26593
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-001411
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-001411 // CNNVD: CNNVD-202304-364 // NVD: CVE-2023-26593

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:Plaintext storage of important information (CWE-312) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-001411 // NVD: CVE-2023-26593

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202304-364

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-364

PATCH

title: YSAR-23-0001, url: https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/

Trust: 0.8

title: Multiple Yokogawa Product security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234540

Trust: 0.6

sources: JVNDB: JVNDB-2023-001411 // CNNVD: CNNVD-202304-364

EXTERNAL IDS

db: NVD, id: CVE-2023-26593

Trust: 3.2

db: JVN, id: JVNVU98775218

Trust: 2.4

db: JVNDB, id: JVNDB-2023-001411

Trust: 1.4

db: CNNVD, id: CNNVD-202304-364

Trust: 0.6

sources: JVNDB: JVNDB-2023-001411 // CNNVD: CNNVD-202304-364 // NVD: CVE-2023-26593

REFERENCES

url:https://jvn.jp/en/vu/jvnvu98775218/

Trust: 1.6

url:https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/

Trust: 1.6

url:https://jvn.jp/vu/jvnvu98775218/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-26593

Trust: 0.8

url:https://jvndb.jvn.jp/en/contents/2023/jvndb-2023-001411.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-26593/

Trust: 0.6

sources: JVNDB: JVNDB-2023-001411 // CNNVD: CNNVD-202304-364 // NVD: CVE-2023-26593

SOURCES

db: JVNDB, id: JVNDB-2023-001411
db: CNNVD, id: CNNVD-202304-364
db: NVD, id: CVE-2023-26593

LAST UPDATE DATE

2024-08-14T15:21:15.905000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-001411, date: 2024-05-29T09:09:00
db: CNNVD, id: CNNVD-202304-364, date: 2023-04-23T00:00:00
db: NVD, id: CVE-2023-26593, date: 2023-04-21T03:47:41.653

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-001411, date: 2023-04-06T00:00:00
db: CNNVD, id: CNNVD-202304-364, date: 2023-04-05T00:00:00
db: NVD, id: CVE-2023-26593, date: 2023-04-11T09:15:08.067