CVE-2018-8838
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-8838
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Yokogawa产品权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Yokogawa CENTUM CS 1000等都是日本横河电机(Yokogawa)公司的大型生产控制系统。该系统主要应用于多领域工厂中。 多款Yokogawa产品中存在提权漏洞。本地攻击者可利用该漏洞使用系统的消息管理功能。以下产品和版本受到影响:Yokogawa CENTUM CS 1000;CENTUM CS 3000 R3.09.50及之前版本;CENTUM CS 3000 Small R3.09.50及之前版本;CENTUM VP R6.03.10及之前版本;CENTUM VP Small R6
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ICS-CERT | Yokogawa CENTUM and Exaopc | CENTUM series CENTUM CS 1000 all versions CENTUM CS 3000 versions R3.09.50 and prior CENTUM CS 3000 Small versions R3.09.50 and prior CENTUM VP versions R6.03.10 and prior CENTUM VP Small versions R6.03.10 and prior CENTUM VP Basic versions R6.03.10 and p | - |
II. Public POCs for CVE-2018-8838
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-8838
请登录查看更多情报信息。
- https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-8838
Same Patch Batch · ICS-CERT · 2018-04-17 · 4 CVEs total
| CVE-2018-7514 | Omron CX-One多个软件缓冲区错误漏洞 | |
| CVE-2018-7530 | Omron CX-One多个软件安全漏洞 | |
| CVE-2018-8834 | Omron CX-One多个软件缓冲区错误漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2018-8838
No comments yet