Sensitive Information Exposure in CENTUM Series by Yokogawa Electric Corporation
CVE-2023-26593
Key Information:
- Status
- Vendor
- CVE Published: 11 April 2023
What is CVE-2023-26593?
The CENTUM series by Yokogawa Electric Corporation stores sensitive information in cleartext, which can lead to unauthorized escalation of user privileges. An attacker who gains access to a system with CENTUM installed can tamper with the password file, which may allow them to operate the control system with escalated privileges. Exploitation requires that the attacker has valid user credentials and that CENTUM Authentication Mode is in use during authentication. Organizations using affected versions are advised to implement security measures to protect sensitive information.
Affected Version(s)
CENTUM series:
- CENTUM CS 1000, CENTUM CS 3000 (including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50
- CENTUM VP (including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later
- B/M9000 CS R5.04.01 to R5.05.01
- B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later