Yokogawa Vnet/IP Open Communication Driver Denial-of-Service (ICSA-19-003-02)

high Nessus Network Monitor Plugin ID 720286

Synopsis

Multiple Yokogawa products contain a Vnet/IP Open Communication Driver that is vulnerable to a Denial-of-Service (DoS) attack vector.

Description

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver allow remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.

Affected products include:

- CENTUM CS 3000(R3.05.00 - R3.09.50)
- CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50)
- CENTUM VP(R4.01.00 - R6.03.10)
- CENTUM VP Entry Class(R4.01.00 - R6.03.10)
- Exaopc(R3.10.00 - R3.75.00)
- PRM(R2.06.00 - R3.31.00)
- ProSafe-RS(R1.02.00 - R4.02.00)
- FAST/TOOLS(R9.02.00 - R10.02.00)
- B/M9000 VP(R6.03.01 - R8.01.90)

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

Plugin Details

Severity: High

ID: 720286

Family: SCADA

Published: 8/29/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 1/3/2019

Vulnerability Publication Date: 1/3/2019

Reference Information

CVE: CVE-2018-16196

BID: 106442

Detections

Analytics