Vulnerability-Lookup

CVE-2018-16196 (GCVE-0-2018-16196)

Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17

Summary

Severity ?

No CVSS data available.

CWE

Denial-of-service (DoS)

Assigner

jpcert

References

URL

	Vendor	Product	Version
	Yokogawa Electric Corporation	Multiple Yokogawa products that contain Vnet/IP Open Communication Driver	Affected: (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))

VAR-201901-0794

Vulnerability from variot - Updated: 2024-11-23 21:52

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors. Provided by Yokogawa Electric Corporation Vnet/IP For open communication drivers, disruption of service operation due to driver reception processing (DoS) Vulnerabilities (CWE-399) Exists. This vulnerability information is provided by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC By developers and the United States ICS-CERT And adjusted.Service disruption when processing a large number of packets sent from a remote third party (DoS) State Vnet/IP The communication function of the open communication driver may stop. Yokogawa Vnet/IP Open Communication Driver is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause denial-of-service conditions. The following products are affected: Yokogawa CENTUM CS 3000 R3.05.00 through R3.09.5 Yokogawa CENTUM CS 3000 Entry Class R3.05.00 through R3.09.50 Yokogawa CENTUM VP R4.01.00 through R6.03.10 Yokogawa CENTUM VP Entry Class R4.01.00 through R6.03.10 Yokogawa Exaopc R3.10.00 through R3.75.00 Yokogawa PRM R2.06.00 through R3.31.00 Yokogawa ProSafethrough RS R1.02.00 through R4.02.00 Yokogawa FAST/TOOLS R9.02.00 through R10.02.00 Yokogawa B/M9000 VP R6.03.01 through R8.01.90. Yokogawa CENTUM CS 3000, etc. are all products of Japan's Yokogawa (Yokogawa) company. Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0794",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "b\\/m9000 vp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r6.03.01"
      },
      {
        "model": "centum cs 3000 entry class",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.09.50"
      },
      {
        "model": "fast\\/tools",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r9.02.00"
      },
      {
        "model": "centum vp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r4.01.00"
      },
      {
        "model": "centum cs 3000 entry class",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.05.00"
      },
      {
        "model": "b\\/m9000 vp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r8.01.90"
      },
      {
        "model": "exaopc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.75.00"
      },
      {
        "model": "fast\\/tools",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r10.02.00"
      },
      {
        "model": "centum vp entry class",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r4.01.00"
      },
      {
        "model": "plant resource manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.31.00"
      },
      {
        "model": "prosafe-rs",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r4.02.00"
      },
      {
        "model": "centum vp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r6.03.10"
      },
      {
        "model": "exaopc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.10.00"
      },
      {
        "model": "centum cs 3000",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.05.00"
      },
      {
        "model": "centum cs 3000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.09.50"
      },
      {
        "model": "centum vp entry class",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r6.03.10"
      },
      {
        "model": "plant resource manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r2.06.00"
      },
      {
        "model": "prosafe-rs",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r1.02.00"
      },
      {
        "model": "b/m9000 vp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r6.03.01 from  r8.01.90  )"
      },
      {
        "model": "centum cs 3000",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r3.05.00 from  r3.09.50  )"
      },
      {
        "model": "centum cs 3000",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "small (r3.05.00 from  r3.09.50  )"
      },
      {
        "model": "centum vp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r4.01.00 from  r6.03.10  )"
      },
      {
        "model": "centum vp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "basic (r4.01.00 from  r6.03.10  )"
      },
      {
        "model": "centum vp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "small (r4.01.00 from  r6.03.10  )"
      },
      {
        "model": "exaopc",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r3.10.00 from  r3.75.00  )"
      },
      {
        "model": "fast/tools",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r9.02.00 from  r10.02.00  )"
      },
      {
        "model": "prm",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r2.06.00 from  r3.31.00  )"
      },
      {
        "model": "prosafe-rs",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "(r1.02.00 from  r4.02.00  )"
      },
      {
        "model": "prosafe-rs r4.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prosafe-rs r3.02.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prosafe-rs r2.03.80",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prosafe-rs r1.03.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prosafe-rs r1.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prm r3.31.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prm r3.12.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prm r3.11.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prm r2.06.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r9.05-sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r9.05",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r9.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r9.03",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r9.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r10.02.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r10.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.75.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.72.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.72.03",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.72.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.71.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.10.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r6.03.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r5.04.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r5.03.51",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r5.03.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r5.03.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r4.03.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r4.01.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r6.03.10",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r5.04.20",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r5.04.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r4.03.56",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r4.03.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r4.01.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum cs entry class r3.09.50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs entry class r3.05.00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.09.50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.09",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.08.70",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.08.50",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.08",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "centum cs r3.05.00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": "3000"
      },
      {
        "model": "b/m9000 vp r8.01.90",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "b/m9000 vp r8.01.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "b/m9000 vp r7.03.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "b/m9000 vp r7.03.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "b/m9000 vp r6.03.01",
        "scope": null,
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prosafe-rs r4.03.00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "prm r4.01.00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "fast/tools r10.03.00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "exaopc r3.76.00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp entry class r6.04.00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      },
      {
        "model": "centum vp r6.04.00",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "yokogawa",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:yokogawa:b%2fm9000_vp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:yokogawa:centum_cs_3000_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:yokogawa:centum_vp",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:yokogawa:exaopc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:yokogawa:fast%2Ftools",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:yokogawa:plant_resource_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:yokogawa:prosafe-rs",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "106442"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-16196",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-16196",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "JPCERT/CC",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-010809",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-126531",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-16196",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "JPCERT/CC",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-010809",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-16196",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "JPCERT/CC",
            "id": "JVNDB-2018-010809",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-077",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126531",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors. Provided by Yokogawa Electric Corporation Vnet/IP For open communication drivers, disruption of service operation due to driver reception processing (DoS) Vulnerabilities (CWE-399) Exists. This vulnerability information is provided by developers for the purpose of disseminating to product users. JPCERT/CC To report to JPCERT/CC By developers and the United States ICS-CERT And adjusted.Service disruption when processing a large number of packets sent from a remote third party (DoS) State Vnet/IP The communication function of the open communication driver may stop. Yokogawa Vnet/IP Open Communication Driver is prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to cause denial-of-service conditions. \nThe following products are affected:\nYokogawa CENTUM CS 3000 R3.05.00 through R3.09.5\nYokogawa CENTUM CS 3000 Entry Class R3.05.00 through R3.09.50\nYokogawa CENTUM VP R4.01.00 through R6.03.10\nYokogawa CENTUM VP Entry Class R4.01.00 through R6.03.10\nYokogawa Exaopc R3.10.00 through R3.75.00\nYokogawa PRM R2.06.00 through R3.31.00\nYokogawa ProSafethrough RS R1.02.00 through R4.02.00\nYokogawa FAST/TOOLS R9.02.00 through R10.02.00\nYokogawa  B/M9000 VP R6.03.01 through R8.01.90. Yokogawa CENTUM CS 3000, etc. are all products of Japan\u0027s Yokogawa (Yokogawa) company. Yokogawa CENTUM CS 3000 is a large-scale production control system. Exaopc is an OPC data access server",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "BID",
        "id": "106442"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16196",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVNVU93652047",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "106442",
        "trust": 1.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-19-003-02",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98824",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-126531",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "db": "BID",
        "id": "106442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "id": "VAR-201901-0794",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      }
    ],
    "trust": 0.7340904749999999
  },
  "last_update_date": "2024-11-23T21:52:31.760000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "YSAR-18-0008: Vnet/IP\u30aa\u30fc\u30d7\u30f3\u901a\u4fe1\u30c9\u30e9\u30a4\u30d0\u306b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3(DoS)\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/"
      },
      {
        "title": "Yokogawa Exaopc Enter the fix for the verification vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89500"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-399",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://web-material3.yokogawa.com/ysar-18-0008-e.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://jvn.jp/vu/jvnvu93652047/index.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/106442"
      },
      {
        "trust": 1.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-003-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16196"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu93652047/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16196"
      },
      {
        "trust": 0.3,
        "url": "https://www.yokogawa.com/in"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "db": "BID",
        "id": "106442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "db": "BID",
        "id": "106442"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "date": "2019-12-21T00:00:00",
        "db": "BID",
        "id": "106442"
      },
      {
        "date": "2018-12-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "date": "2019-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      },
      {
        "date": "2019-01-09T23:29:04.560000",
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126531"
      },
      {
        "date": "2019-12-21T00:00:00",
        "db": "BID",
        "id": "106442"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      },
      {
        "date": "2019-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      },
      {
        "date": "2024-11-21T03:52:16.253000",
        "db": "NVD",
        "id": "CVE-2018-16196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "106442"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yokogawa Electric  Vnet/IP Service operation disruption to open communication drivers  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010809"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-077"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-16196

Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/106442	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://jvn.jp/vu/JVNVU93652047/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106442	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/vu/JVNVU93652047/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf	Vendor Advisory

Impacted products

Vendor	Product	Version
yokogawa	centum_cs_3000_firmware	*
yokogawa	centum_cs_3000	-
yokogawa	centum_cs_3000_entry_class	*
yokogawa	centum_vp_firmware	*
yokogawa	centum_vp	-
yokogawa	centum_vp_entry_class	*
yokogawa	b\/m9000_vp	*
yokogawa	exaopc	*
yokogawa	fast\/tools	*
yokogawa	plant_resource_manager	*
yokogawa	prosafe-rs	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3EBF753-16FD-40D3-8EED-D72C32883883",
              "versionEndIncluding": "r3.09.50",
              "versionStartIncluding": "r3.05.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B46C20CD-6CA3-4233-BBFF-66E7987C2150",
              "versionEndIncluding": "r3.09.50",
              "versionStartIncluding": "r3.05.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1045034-D824-4CC1-9326-EEBA3FB34AAA",
              "versionEndIncluding": "r6.03.10",
              "versionStartIncluding": "r4.01.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A0FF6A1-E352-4EC5-B34B-2C5276B970C9",
              "versionEndIncluding": "r6.03.10",
              "versionStartIncluding": "r4.01.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8F81F5B-CDB6-4FF2-80CB-D1CA0ABF2C24",
              "versionEndIncluding": "r8.01.90",
              "versionStartIncluding": "r6.03.01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFDEE53D-6CF1-4DAF-95DE-BE832CC2A9A0",
              "versionEndIncluding": "r3.75.00",
              "versionStartIncluding": "r3.10.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:fast\\/tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B22E279-3BFE-4F58-A639-7761559A1365",
              "versionEndIncluding": "r10.02.00",
              "versionStartIncluding": "r9.02.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67C8BD51-4D87-4BDF-AF28-68B327392BEE",
              "versionEndIncluding": "r3.31.00",
              "versionStartIncluding": "r2.06.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:prosafe-rs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B459FD-0656-4E3F-A669-F5D07F60949C",
              "versionEndIncluding": "r4.02.00",
              "versionStartIncluding": "r1.02.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples productos Yokogawa que contienen el controlador Vnet/IP Open Communication (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00) y B/M9000 VP(R6.03.01 - R8.01.90)) permiten que atacantes remotos provoquen una denegaci\u00f3n de servicio (DoS) que podr\u00eda resultar en la detenci\u00f3n de la comunicaci\u00f3n del controlador Vnet/IP Open Communication mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-16196",
  "lastModified": "2024-11-21T03:52:16.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.560",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106442"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/vu/JVNVU93652047/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/vu/JVNVU93652047/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-R9JM-C64M-GRF2

Vulnerability from github – Published: 2022-05-14 01:34 – Updated: 2022-05-14 01:34

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors.",
  "id": "GHSA-r9jm-c64m-grf2",
  "modified": "2022-05-14T01:34:00Z",
  "published": "2022-05-14T01:34:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16196"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/vu/JVNVU93652047/index.html"
    },
    {
      "type": "WEB",
      "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106442"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-16196

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16196

Aliases

CVE-2018-16196

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16196",
    "description": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors.",
    "id": "GSD-2018-16196"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16196"
      ],
      "details": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors.",
      "id": "GSD-2018-16196",
      "modified": "2023-12-13T01:22:26.450574Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16196",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90))"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Yokogawa Electric Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial-of-service (DoS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "106442",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106442"
          },
          {
            "name": "https://jvn.jp/vu/JVNVU93652047/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/vu/JVNVU93652047/index.html"
          },
          {
            "name": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf",
            "refsource": "MISC",
            "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r3.09.50",
                    "versionStartIncluding": "r3.05.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000_entry_class:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r3.09.50",
                "versionStartIncluding": "r3.05.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r6.03.10",
                    "versionStartIncluding": "r4.01.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp_entry_class:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r6.03.10",
                "versionStartIncluding": "r4.01.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r3.75.00",
                "versionStartIncluding": "r3.10.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:b\\/m9000_vp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r8.01.90",
                "versionStartIncluding": "r6.03.01",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:fast\\/tools:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r10.02.00",
                "versionStartIncluding": "r9.02.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:prosafe-rs:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r4.02.00",
                "versionStartIncluding": "r1.02.00",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r3.31.00",
                "versionStartIncluding": "r2.06.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16196"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver\u0027s communication via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU93652047/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/vu/JVNVU93652047/index.html"
            },
            {
              "name": "106442",
              "refsource": "BID",
              "tags": [
                "VDB Entry",
                "Third Party Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/106442"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-02-14T14:59Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

ICSA-19-003-02

Vulnerability from csaf_cisa - Published: 2019-01-03 00:00 - Updated: 2019-01-03 00:00

Summary

Yokogawa Vnet/IP Open Communication Driver

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable.

Critical infrastructure sectors

Critical Manufacturing, Energy, Food and Agriculture

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Yokogawa",
        "summary": "reporting this this vulnerability to NCCIC"
      },
      {
        "organization": "JPCERT",
        "summary": "reporting this this vulnerability to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an attacker to cause Vnet/IP network communications to controlled devices to become unavailable.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Energy, Food and Agriculture",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-003-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-003-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-19-003-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-003-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Yokogawa Vnet/IP Open Communication Driver",
    "tracking": {
      "current_release_date": "2019-01-03T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-19-003-02",
      "initial_release_date": "2019-01-03T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2019-01-03T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-19-003-02 Yokogawa Vnet IP Open Communication Driver"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R3.10.00 | \u003c= R3.75.00",
                "product": {
                  "name": "Exaopc: (R3.10.00 - R3.75.00)",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Exaopc"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R9.02.00 | \u003c= R10.02.00",
                "product": {
                  "name": "FAST/TOOLS: (R9.02.00 - R10.02.00)",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FAST/TOOLS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R3.05.00 | \u003c= R3.09.50",
                "product": {
                  "name": "CENTUM CS 3000: (R3.05.00 - R3.09.50)",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "CENTUM CS 3000"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R3.05.00 | \u003c= R3.09.50",
                "product": {
                  "name": "CENTUM CS 3000 Entry Class: (R3.05.00 - R3.09.50)",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "CENTUM CS 3000 Entry Class"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R1.02.00 | \u003c= 4.02.00",
                "product": {
                  "name": "ProSafe-RS: (R1.02.00 - R4.02.00)",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "ProSafe-RS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R4.01.00 | \u003c= R6.03.10",
                "product": {
                  "name": "CENTUM VP Entry Class: (R4.01.00 - R6.03.10)",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "CENTUM VP Entry Class"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R6.03.01 | \u003c= R8.01.90",
                "product": {
                  "name": "B/M9000 VP: (R6.03.01 - R8.01.90)",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "B/M9000 VP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= R2.06.00 | \u003c= R3.31.00",
                "product": {
                  "name": "PRM: (R2.06.00 - R3.31.00)",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "PRM"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=R4.01.00 | \u003c= R6.03.10",
                "product": {
                  "name": "CENTUM VP: (R4.01.00 - R6.03.10)",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "CENTUM VP"
          }
        ],
        "category": "vendor",
        "name": "Yokogawa"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-16196",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Vnet/IP Open Communication Driver has a vulnerability that could allow an attacker to stop the communications functionality of the Vnet/IP Open Communication Driver, resulting in a denial of service.CVE-2018-16196 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16196"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Yokogawa recommends users of affected devices and versions update to the latest available release.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "Details about the products, affected revisions, and suggested mitigations are available in the Yokogawa Security Advisory Report YSAR-18-0008: denial of service (DoS) vulnerability in Vnet/IP Open Communication Driver.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please see Yokogawa Security Advisory Report YSAR-18-0008 at the following location for more information",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://web-material3.yokogawa.com/YSAR-18-0008-E.pdf"
        },
        {
          "category": "mitigation",
          "details": "For questions related to this report and details regarding how to update to the newest revision, please visit the Yokogawa security website (registration required)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ],
          "url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16196 (GCVE-0-2018-16196)

VAR-201901-0794

FKIE_CVE-2018-16196

GHSA-R9JM-C64M-GRF2

GSD-2018-16196

ICSA-19-003-02

Tags

Sightings

Nomenclature