Lucene search

7168b535-132a-4efe-a076-338f829b2eb9NVD:CVE-2024-5650

HistoryJun 17, 2024 - 7:15 a.m.

CVE-2024-5650

2024-06-1707:15:41

CWE-284

7168b535-132a-4efe-a076-338f829b2eb9

web.nvd.nist.gov

dll hijacking

centum cams

yokogawa electric

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account.

The affected products and versions are as follows:
CENTUM CS 3000 R3.08.10 to R3.09.50
CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.

References

web-material3.yokogawa.com/1/36044/files/YSAR-24-0002-E.pdf

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2024-5650