CVE-2019-6008

Published Dec 26, 2019

Last updated 5 years ago

CVSS high 7.8

Overview

Description: An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-428

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D6B3D6-E908-4E19-AB94-5498B12ED834",
            "versionEndIncluding": "r3.77.00",
            "versionStartIncluding": "r1.01.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D99F269-84E5-4DC1-B17E-D3288138959F",
            "versionEndIncluding": "r3.30.00",
            "versionStartIncluding": "r1.10.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2F5BE9D-2150-4EEC-B749-E2F552653293",
            "versionEndIncluding": "r3.02.00",
            "versionStartIncluding": "r1.10.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95A37F00-92D1-4437-86E3-16606C700169",
            "versionEndIncluding": "r2.50.40",
            "versionStartIncluding": "r1.01.00"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0563434-02C4-45D2-B119-5586F823281D"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CC76876-D26E-4DE8-8403-4676A2B41923"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "859D7D36-8EAF-4368-93B0-5891DD1A14B0",
            "versionEndIncluding": "r3.05.01",
            "versionStartIncluding": "r1.01.01"
          },
          {
            "criteria": "cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4996F8C8-E3BD-425B-AD64-14A98786A2C1",
            "versionEndIncluding": "r1.06.00",
            "versionStartIncluding": "r1.01.00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References