CVE-2024-5650

June 17, 2024, 12:42 p.m.

8.5
High

Description

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account. The affected products and versions are as follows: CENTUM CS 3000 R3.08.10 to R3.09.50 CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.

Product(s) Impacted

Product Versions
CENTUM CAMS Log server
Yokogawa Electric Corporation
CENTUM CS 3000
  • R3.08.10 - R3.09.50
CENTUM VP
  • R4.01.00 - R4.03.00
  • R5.01.00 - R5.04.20
  • R6.01.00 - R6.11.10

Weaknesses

References

https://web-material3.yokogawa.com/1/36044/files/YSAR-24-0002-E.pdf

Tags

CWE-284
2024-06-17
CVE-2024-5650
7168b535-132a-4efe-a076-338f829b2eb9

CVSS Score

8.5 / 10

CVSS Data

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
    • View Vector String

    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Date

  • Published: June 17, 2024, 7:15 a.m.
  • Last Modified: June 17, 2024, 12:42 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

7168b535-132a-4efe-a076-338f829b2eb9

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.