CVE-2019-6008

Summary

CVE	CVE-2019-6008
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-12-26 16:15:00 UTC
Updated	2020-01-08 20:39:00 UTC
Description	An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

Risk And Classification

Problem Types: CWE-428

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Yokogawa	Exaopc	All	All	All	All
Application	Yokogawa	Exaplog	All	All	All	All
Application	Yokogawa	Exaquantum	All	All	All	All
Application	Yokogawa	Exaquantum/batch	All	All	All	All
Application	Yokogawa	Exaquantum/batch	All	All	All	All
Application	Yokogawa	Exarqe	All	All	All	All
Application	Yokogawa	Exarqe	All	All	All	All
Application	Yokogawa	Exasmoc	All	All	All	All
Application	Yokogawa	Exasmoc	All	All	All	All
Application	Yokogawa	Ga10	All	All	All	All
Application	Yokogawa	Insightsuiteae	All	All	All	All

References

Reference	Source	Link	Tags
JVNVU#98228725: 横河製品が登録する Windows サービスで実行ファイルのパスが引用符で囲まれていない脆弱性	MISC	jvn.jp	Third Party Advisory
Yokogawa Security Advisory Report List \| Yokogawa Electric Corporation	MISC	www.yokogawa.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.