PT-2024-4140 · Yokogawa Electric · Centum Cams Log Server+2

Published: 2024-06-17 · Updated: 2024-06-21 · CVE-2024-5650

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CENTUM CS 3000 versions R3.08.10 through R3.09.50
CENTUM VP versions R4.01.00 through R4.03.00
CENTUM VP versions R5.01.00 through R5.04.20
CENTUM VP versions R6.01.00 through R6.11.10

Description

A DLL Hijacking vulnerability has been found in the CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker gains access to a computer with the affected product installed or accesses a shared folder, they can replace the DLL file with a tampered one, allowing them to execute arbitrary programs with the authority of the SYSTEM account. The vulnerability is related to errors in access restriction.

Recommendations

For CENTUM CS 3000 versions R3.08.10 through R3.09.50, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R4.01.00 through R4.03.00, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R5.01.00 through R5.04.20, update to a version outside of this range to mitigate the risk.
For CENTUM VP versions R6.01.00 through R6.11.10, update to a version outside of this range to mitigate the risk.

As a temporary workaround, consider restricting access to shared folders and monitoring for suspicious DLL file replacements until a patch is available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2024-04610
CVE-2024-5650

Affected Products

Centum Cams Log Server
Centum Cs 3000
Centum Vp