Yokogawa Centum VP DCS HIS
Limited Threat
CVE ID
N/A
Vunerability Type
Hard-coded Windows Credentials
Hard-coded HTTP Credentials
Named Pipe Command Injection
HTTP Arbitrary File Read/Write
CAMS Log Server DoS
CAMS Log Server Directory Traversal
CAMS Arbitrary Log Entries and Log Overwriting
Named Pipe Arbitrary File Deletion
Scheduler Privilege Escalation
Dynamic-Link Library (DLL) Planting Privilege Escalation
CVSS3 Score
9.8
8.2
8.8
8.8
7.5
7.5
5.3
8.1
8.8
8.8
CVSSv3 Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affecting
Mitigation
No mititagion advice is available from the vendor. Yokogawa reportedly intends to address most of the vulnerabilities by December 2021.
03/16/2021