Security Advisory

Yokogawa Centum VP DCS HIS

Risk Information

Limited Threat

CVE ID

N/A

| Vulnerability Type | CVSSv3 Score | CVSSv3 Vector |
| --- | --- | --- |
| Hard-coded Windows Credentials | 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Hard-coded HTTP Credentials | 8.2 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
| Named Pipe Command Injection | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| HTTP Arbitrary File Read/Write | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CAMS Log Server DoS | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CAMS Log Server Directory Traversal | 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CAMS Arbitrary Log Entries and Log Overwriting | 5.3 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| Named Pipe Arbitrary File Deletion | 8.1 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Scheduler Privilege Escalation | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| Dynamic-Link Library (DLL) Planting Privilege Escalation | 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |

Affecting

  • Yokogawa Centum VP R6.07.

Mitigation

No mitigation advice is available from the vendor. Yokogawa reportedly intends to address most of the vulnerabilities by December 2021.

03/16/2021