Vulnerability Details : CVE-2019-6008
An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2019-6008
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 34 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2019-6008
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2019-6008
-
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-6008
-
http://jvn.jp/vu/JVNVU98228725/index.html
JVNVU#98228725: 横河製品が登録する Windows サービスで実行ファイルのパスが引用符で囲まれていない脆弱性Third Party Advisory
-
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
Yokogawa Security Advisory Report List | Yokogawa Electric CorporationVendor Advisory
Products affected by CVE-2019-6008
- Yokogawa » Exaopc » For WindowsVersions from including (>=) r1.01.00 and up to, including, (<=) r3.77.00cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:windows:*:*
- Yokogawa » Exaplog » For WindowsVersions from including (>=) r1.10.00 and up to, including, (<=) r3.30.00cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:windows:*:*
- Yokogawa » Exaquantum » For WindowsVersions from including (>=) r1.10.00 and up to, including, (<=) r3.02.00cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:windows:*:*
- Yokogawa » Exaquantum/batch » For WindowsVersions from including (>=) r1.01.00 and up to, including, (<=) r2.50.40cpe:2.3:a:yokogawa:exaquantum\/batch:*:*:*:*:*:windows:*:*
- cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:windows:*:*
- cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:windows:*:*
- Yokogawa » Ga10 » For WindowsVersions from including (>=) r1.01.01 and up to, including, (<=) r3.05.01cpe:2.3:a:yokogawa:ga10:*:*:*:*:*:windows:*:*
- Yokogawa » Insightsuiteae » For WindowsVersions from including (>=) r1.01.00 and up to, including, (<=) r1.06.00cpe:2.3:a:yokogawa:insightsuiteae:*:*:*:*:*:windows:*:*