CVE-2018-16196

CVE

High

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(…

CVSS

7.5

High

EPSS

0.03

p87

Published

2018-01-01

Updated

2018-01-01

Description

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.

Tags · CWE

Pre-auth

CWE-20

CAPEC-3

CAPEC-7

CAPEC-8

CAPEC-9

CAPEC-10

CAPEC-13

CAPEC-14

CAPEC-22

CAPEC-23

CAPEC-24

CAPEC-28

CAPEC-31

CAPEC-42

CAPEC-43

CAPEC-45

CAPEC-46

CAPEC-47

CAPEC-52

CAPEC-53

CAPEC-63

CAPEC-64

CAPEC-67

CAPEC-71

CAPEC-72

CAPEC-73

CAPEC-78

CAPEC-79

CAPEC-80

CAPEC-81

CAPEC-83

CAPEC-85

CAPEC-88

CAPEC-101

CAPEC-104

CAPEC-108

CAPEC-109

CAPEC-110

CAPEC-120

CAPEC-135

CAPEC-136

CAPEC-153

CAPEC-182

CAPEC-209

CAPEC-230

CAPEC-231

CAPEC-250

CAPEC-261

CAPEC-267

CAPEC-473

CAPEC-588

CAPEC-664

Affected products

B\/m9000_vp r6.03.01–r8.01.90Exaopc r3.10.00–r3.75.00Fast\/tools r9.02.00–r10.02.00Plant_resource_manager r2.06.00–r3.31.00Prosafe-rs r1.02.00–r4.02.00

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

2018-01-01

Published

2018-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.033 · p87

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1027Obfuscated Files or Information

└ via CAPEC-267 · CWE-20

T1036.001Invalid Code Signature

└ via CAPEC-473 · CWE-20

T1539Steal Web Session Cookie

└ via CAPEC-31 · CWE-20

T1553.002Code Signing

└ via CAPEC-473 · CWE-20

T1574.006Dynamic Linker Hijacking

└ via CAPEC-13 · CWE-20

T1574.007Path Interception by PATH Environment Variable

└ via CAPEC-13 · CWE-20

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Yokogawa

Centum Vp Centum Cs 3000 Exaopc Centum Vp Firmware Centum Cs 3000 Firmware Fast\/tools B\/m9000 Vp Centum Cs 3000 Entry Class Centum Vp Entry Class Prosafe-rs+1

Product	Vendor	Status
b/m9000_vp	*	Tracked
centum_cs_3000_entry_class	*	Tracked
centum_cs_3000_firmware	*	Tracked
centum_vp_entry_class	*	Tracked
centum_vp_firmware	*	Tracked
exaopc	*	Tracked
fast/tools	*	Tracked
plant_resource_manager	*	Tracked
prosafe-rs	*	Tracked

Source databases

CVE

Related vulnerabilities

BDU:2019-01288