Multiple Vulnerabilities In Yokogawa CENTUM, ProSafe-RS And B ...
Published: May 4, 2022
Security Bulletin ID SB2022050403 Severity Medium Patch available YES Number of vulnerabilities 3 Exploitation vector Remote access Highest impact Denial of serviceBreakdown by Severity
Medium 100%- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2019-0203)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing a certain sequence of commands within the svnserve process. A remote non-authenticated attacker can send specially crafted commends to the Subversion server and perform a denial of service (DoS) attack.
2) Reachable Assertion (CVE-ID: CVE-2018-11782)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling svnserve 'get-deleted-rev' requests. A remote authenticated attacker with read-only permissions can make the server to reply with incorrect revision number that will lead to svnserve crash.
3) Resource management error (CVE-ID: CVE-2015-0248)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application in the mod_dav_svn and svnserve servers. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://web-material3.yokogawa.com/1/32463/files/YSAR-22-0004-E.pdf?_ga=2.143762992.424376056.1651645224-1390463896.1651645224</p><p><br></p>
Vulnerable Software
- CENTUM VP: R6.01.10,R6.07.10 and previous versions
- CENTUM VP Entry Class: R6.01.10,R6.07.10 and previous versions
- ProSafe-RS: R4.01.00,R4.05.00 and previous versions
- B/M9000 VP: R8.01.01,R8.03.01 and previous versions
We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic.
Customize settingsNecessary
Required for basic site functionality
Google Analytics
Helps us understand how visitors use our site
Accept All Decline AllLearn more in our Privacy Policy
Please verify you're human
Complete the CAPTCHA below or accept cookies to continue browsing.
or Accept CookiesTừ khóa » B/m9000vp
-
A High-precision Color Sensor For The B/M9000VP System - Yokogawa
-
[PDF] General Specifications - Yokogawa
-
[PDF] A High-precision IR Moisture Sensor For The B/M9000VP System
-
Yokogawa B/m9000 Vp : CVE Security Vulnerabilities, Versions And ...
-
Yokogawa CVE - OpenCVE
-
List Of Versions - CVEbuzz
-
B/M9000 VP Firmware - Vicarius
-
Yokogawa B/m9000 Vp Software - OVAL Definitions
-
CVE-2022-27188 Detail - CVE Record | CVE
-
Yokogawa CENTUM And ProSafe-RS | CISA - US-CERT
-
Centum Vp Vulnerabilities And Exploits - Vulmon
-
CVE-2022-30707 | Tenable®
-
General Specifications - Yokogawa - us
-
CVE-2014-3888 - The MITRE Corporation
-
Results For «a:yokogawa:b,m9000_vp:r8.01.01 - | CPE
-
[Control Systems] Yokogawa Security Advisory (AV22-346)
-
Details Of VAR-202204-0836