JVNVU#98775218
Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information
Overview
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information.
Products Affected
- CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class)
- R2.01.00 to R3.09.50
- CENTUM VP (Including CENTUM VP Entry Class) (*1)
- R4.01.00 to R4.03.00
- R5.01.00 to R5.04.20
- R6.01.00 and later
B/M series listed below are affected by CENTUM bundled in the products.
- B/M9000 CS
- R5.04.01 to R5.05.01
- B/M9000 VP
- R6.01.01 to R7.04.51
- R8.01.01 and later
Description
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information (CWE-312, CVE-2023-26593).
Impact
If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege.
To exploit this vulnerability, the following prerequisites must be met.
- An attacker has obtained user credentials where the affected product is installed
- CENTUM Authentication Mode is used for user authentication when CENTUM VP is used
Solution
Stop using the outdated products and switch to successor products
For the users of CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class):
These products are no longer support, therefore solutions are not provided.
The developer recommends users to migrate to the latest CENTUM VP series.
Update the software
For the users of CENTUM VP (Including CENTUM VP Entry Class)
R4.01.00 to R4.02.00:
Update the software to R4.03.00, and then change the user authentication mode from CEMTUM Authentication Mode to Windows Authentication Mode.
Change the authentication mode
For the users of CENTUM VP (Including CENTUM VP Entry Class)
R4.03.00, R5.01.00 to R5.04.20, R6.01.00 and later:
Change the user authentication mode from CEMTUM Authentication Mode to Windows Authentication Mode.
The users of B/M9000 CS and B/M9000 VP are not directly affected by this vulnerability, but it is affected as CENTUM which is bundled is vulnerable. Therefore, users who are to update CENTUM VP to the latest version need to update B/M9000 VP to the appropriate version.
For more information, refer to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Yokogawa Electric Corporation | YSAR-23-0001: Elevation of Privilege Vulnerability in CENTUM Authentication Mode |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
Yokogawa Electric Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-26593 |
| JVN iPedia |
|