CVE-2023-26593

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2023-26593
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-04-11 09:15:00 UTC
Updated2023-04-21 03:47:00 UTC
DescriptionCENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later

Risk And Classification

Problem Types: CWE-312

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Yokogawa B/m9000cs All All All All
Application Yokogawa B/m9000 Vp All All All All
Application Yokogawa B/m9000 Vp All All All All
Application Yokogawa Centum Cs 1000 All All All All
Application Yokogawa Centum Cs 3000 All All All All
Application Yokogawa Centum Cs 3000 Entry Class All All All All
Application Yokogawa Centum Vp All All All All
Application Yokogawa Centum Vp All All All All
Application Yokogawa Centum Vp All All All All
Application Yokogawa Centum Vp Entry Class All All All All
Application Yokogawa Centum Vp Entry Class All All All All
Application Yokogawa Centum Vp Entry Class All All All All
Application Yokogawa Exaopc All All All All
Application Yokogawa Exaopc All All All All
Application Yokogawa Exaopc All All All All

References

ReferenceSourceLinkTags
Yokogawa Security Advisory Report List | Yokogawa Electric Corporation MISC www.yokogawa.com
JVNVU#98775218: Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information MISC jvn.jp
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report