Unquoted Search Path Vulnerability in Yokogawa Industrial Products
CVE-2019-6008

7.8HIGH

Key Information:

Vendor: Yokogawa Electric Corporation
Status: Multiple Yokogawa Products For Windows
Vendor: CVE Published:; 26 December 2019

Summary

This vulnerability exists in multiple Yokogawa products for Windows, leading to potential privilege escalation. A local user can exploit unquoted search paths, allowing them to execute a Trojan horse executable file and gain elevated permissions. This issue affects various versions of Exaopc, Exaplog, Exaquantum, Exaquantum/Batch, Exasmoc, Exarqe, GA10, and InsightSuiteAE, posing a serious security risk to industrial control systems.

Affected Version(s)

Multiple Yokogawa products for Windows Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)

References

https://www.yokogawa.com/library/resources/white-papers/y...

x_refsource_MISC

http://jvn.jp/vu/JVNVU98228725/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2019
Vulnerability Reserved
Jan 10, 2019