CVE-2019-6008 - OpenCVE

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yokogawa	Exaopc Exaplog Exaquantum Exaquantum\/batch Exarqe Exasmoc Ga10 Insightsuiteae

Configuration 1 [-]

OR	cpe:2.3:a:yokogawa:exaopc::::::windows::*
	cpe:2.3:a:yokogawa:exaplog::::::windows::*
	cpe:2.3:a:yokogawa:exaquantum::::::windows::*
	cpe:2.3:a:yokogawa:exaquantum\/batch::::::windows::*
	cpe:2.3:a:yokogawa:exarqe::::::windows::*
	cpe:2.3:a:yokogawa:exasmoc::::::windows::*
	cpe:2.3:a:yokogawa:ga10::::::windows::*
	cpe:2.3:a:yokogawa:insightsuiteae::::::windows::*

No data.

References

Link	Providers
http://jvn.jp/vu/JVNVU98228725/index.html
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2019-12-26T15:16:49

Updated: 2024-08-04T20:09:24.050Z

Reserved: 2019-01-10T00:00:00

Link: CVE-2019-6008

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-12-26T16:15:10.967

Modified: 2020-01-08T20:39:16.610

Link: CVE-2019-6008

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Multiple Yokogawa products for Windows", "vendor": "Yokogawa Electric Corporation", "versions": [{"status": "affected", "version": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"}]}], "descriptions": [{"lang": "en", "value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."}], "problemTypes": [{"descriptions": [{"description": "Unquoted Search Path or Element", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-26T15:16:49", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"tags": ["x_refsource_MISC"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2019-6008", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Multiple Yokogawa products for Windows", "version": {"version_data": [{"version_value": "Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)"}]}}]}, "vendor_name": "Yokogawa Electric Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Unquoted Search Path or Element"}]}]}, "references": {"reference_data": [{"name": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/", "refsource": "MISC", "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"name": "http://jvn.jp/vu/JVNVU98228725/index.html", "refsource": "MISC", "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:09:24.050Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2019-6008", "datePublished": "2019-12-26T15:16:49", "dateReserved": "2019-01-10T00:00:00", "dateUpdated": "2024-08-04T20:09:24.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:*", "matchCriteriaId": "91D6B3D6-E908-4E19-AB94-5498B12ED834", "versionEndIncluding": "r3.77.00", "versionStartIncluding": "r1.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:*", "matchCriteriaId": "6D99F269-84E5-4DC1-B17E-D3288138959F", "versionEndIncluding": "r3.30.00", "versionStartIncluding": "r1.10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F2F5BE9D-2150-4EEC-B749-E2F552653293", "versionEndIncluding": "r3.02.00", "versionStartIncluding": "r1.10.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exaquantum\\/batch:*:*:*:*:*:windows:*:*", "matchCriteriaId": "95A37F00-92D1-4437-86E3-16606C700169", "versionEndIncluding": "r2.50.40", "versionStartIncluding": "r1.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:*", "matchCriteriaId": "A0563434-02C4-45D2-B119-5586F823281D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:*", "matchCriteriaId": "2CC76876-D26E-4DE8-8403-4676A2B41923", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:*", "matchCriteriaId": "859D7D36-8EAF-4368-93B0-5891DD1A14B0", "versionEndIncluding": "r3.05.01", "versionStartIncluding": "r1.01.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4996F8C8-E3BD-425B-AD64-14A98786A2C1", "versionEndIncluding": "r1.06.00", "versionStartIncluding": "r1.01.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda sin comillas en varios productos de Yokogawa para Windows (Exaopc (R1.01.00 hasta R3.77.00), Exaplog (R1.10.00 hasta R3.40.00), Exaquantum (R1.10.00 hasta R3.02.00 y R3.15.00), Exaquantum/Batch (R1.01.00 hasta R2.50.40), Exasmoc (todas las revisiones), Exarqe (todas las revisiones), GA10 (R1.01.01 hasta R3.05.01) e InsightSuiteAE (R1.01.00 hasta R1.06.00)), permite a usuarios locales alcanzar privilegios por medio de un archivo ejecutable de tipo caballo de Troya y ejecutar c\u00f3digo arbitrario con privilegios elevados."}], "id": "CVE-2019-6008", "lastModified": "2020-01-08T20:39:16.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-26T16:15:10.967", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "http://jvn.jp/vu/JVNVU98228725/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}]}