DLL Hijacking Vulnerability Affects Yokogawa's CENTUM CAMS Log Server
CVE-2024-5650

8.5HIGH

Key Information:

Vendor: Yokogawa Electric Corporation
Status: Centum Cs 3000; Centum Vp
Vendor: CVE Published:; 17 June 2024

Summary

A DLL Hijacking vulnerability was identified in the CENTUM CAMS Log Server developed by Yokogawa Electric Corporation. This vulnerability allows potential attackers, who gain access to a system running the affected product or to a shared folder, to substitute a legitimate DLL file with a malicious version. Consequently, this exploitation can result in the execution of arbitrary programs with SYSTEM-level privileges, posing significant risks to the integrity and security of the affected systems.

Affected Version(s)

CENTUM CS 3000 R3.08.10

CENTUM VP R4.01.00

CENTUM VP R5.01.00

References

https://web-material3.yokogawa.com/1/36044/files/YSAR-24-...

vendor-advisory

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 17, 2024
Vulnerability Reserved
Jun 5, 2024