CVE-2018-16196

Published Jan 9, 2019

Last updated 6 years ago

CVSS high 7.5

Overview

Description: Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3EBF753-16FD-40D3-8EED-D72C32883883",
            "versionEndIncluding": "r3.09.50",
            "versionStartIncluding": "r3.05.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B46C20CD-6CA3-4233-BBFF-66E7987C2150",
            "versionEndIncluding": "r3.09.50",
            "versionStartIncluding": "r3.05.00"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1045034-D824-4CC1-9326-EEBA3FB34AAA",
            "versionEndIncluding": "r6.03.10",
            "versionStartIncluding": "r4.01.00"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A0FF6A1-E352-4EC5-B34B-2C5276B970C9",
            "versionEndIncluding": "r6.03.10",
            "versionStartIncluding": "r4.01.00"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8F81F5B-CDB6-4FF2-80CB-D1CA0ABF2C24",
            "versionEndIncluding": "r8.01.90",
            "versionStartIncluding": "r6.03.01"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFDEE53D-6CF1-4DAF-95DE-BE832CC2A9A0",
            "versionEndIncluding": "r3.75.00",
            "versionStartIncluding": "r3.10.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:fast\\/tools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B22E279-3BFE-4F58-A639-7761559A1365",
            "versionEndIncluding": "r10.02.00",
            "versionStartIncluding": "r9.02.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67C8BD51-4D87-4BDF-AF28-68B327392BEE",
            "versionEndIncluding": "r3.31.00",
            "versionStartIncluding": "r2.06.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:prosafe-rs:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96B459FD-0656-4E3F-A669-F5D07F60949C",
            "versionEndIncluding": "r4.02.00",
            "versionStartIncluding": "r1.02.00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References