Security restrictions bypass in Yokogawa CENTUM and Exaopc

1) Improper access control

EUVDB-ID: #VU11832

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8838

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to improper access controls. A local attacker can exploit the message management function, generate false system or process alarms, or block system or process alarm displays.

Mitigation

Update CENTUM CS 1000, CENTUM CS 3000, CENTUM CS 3000 Small to the latest CENTUM VP, CENTUM VP, CENTUM VP Small, CENTUM VP BASIC to version R5.04.B2 or R6.04.00, Exaopc to version R3.76.00.

Vulnerable software versions

CENTUM CS 1000: All versions

CENTUM CS 3000: All versions

CENTUM VP: All versions

CENTUM VP Small: All versions

CENTUM VP Basic: All versions

Exaopc: All versions

B/M9000 VP: All versions

B/M9000 CS: All versions

CPE2.3

• cpe:2.3:a:yokogawa:centum_cs_1000:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:centum_vp_small:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:centum_vp_basic:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:b_m9000_vp:*:*:*:*:*:*:*:
• cpe:2.3:a:yokogawa:b_m9000_cs:*:*:*:*:*:*:*:

External links

http://web-material3.yokogawa.com/YSAR-18-0001-E.pdf

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.