high
7.8
CWE
312
Advisory Published
Updated

CVE-2023-26593

First published: Tue Apr 11 2023(Updated: )

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
Yokogawa B\/m9000 Vp>=r6.01.01<=r7.04.51
Yokogawa B\/m9000 Vp>=r8.01.01
Yokogawa B\/m9000cs>=r5.04.01<=r5.05.01
Yokogawa CENTUM CS 1000>=r2.01.00<=r3.09.50
Yokogawa CENTUM CS 3000>=r2.01.00<=r3.09.50
Yokogawa Centum Cs 3000 Entry Class>=r2.01.00<=r3.09.50
Yokogawa Centum Vp>=r4.01.00<=r4.03.00
Yokogawa Centum Vp>=r5.01.00<=r5.04.20
Yokogawa Centum Vp>=r6.01.00
Yokogawa Centum Vp Entry Class>=r4.01.00<=r4.02.00
Yokogawa Centum Vp Entry Class>=r5.01.00<=r5.04.20
Yokogawa Centum Vp Entry Class>=r6.01.00
Yokogawa Exaopc>=r1.01.00<=r1.20.00
Yokogawa Exaopc>=r2.01.00<=r2.10.00
Yokogawa Exaopc>=r3.01.00

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-26593?

    CVE-2023-26593 is a vulnerability in the CENTUM series provided by Yokogawa Electric Corporation that allows for cleartext storage of sensitive information.

  • How does the CVE-2023-26593 vulnerability occur?

    The CVE-2023-26593 vulnerability occurs when an attacker who can access the computer where the affected product is installed tampers with the password file stored on the computer.

  • What is the severity of CVE-2023-26593?

    The severity of CVE-2023-26593 is high, with a severity value of 7.8.

  • Which software versions are affected by CVE-2023-26593?

    The Yokogawa B/m9000 Vp versions r6.01.01 to r7.04.51, Yokogawa B/m9000cs versions r5.04.01 to r5.05.01, Yokogawa CENTUM CS 1000 versions r2.01.00 to r3.09.50, Yokogawa CENTUM CS 3000 versions r2.01.00 to r3.09.50, Yokogawa Centum Vp versions r4.01.00 to r4.03.00, Yokogawa Centum Vp versions r5.01.00 to r5.04.20, Yokogawa Centum Vp versions from r6.01.00, Yokogawa Centum Vp Entry Class versions r4.01.00 to r4.02.00, Yokogawa Centum Vp Entry Class versions r5.01.00 to r5.04.20, Yokogawa Centum Vp Entry Class versions from r6.01.00, and Yokogawa Exaopc versions r1.01.00 to r1.20.00, and Yokogawa Exaopc versions r2.01.00 to r2.10.00, and Yokogawa Exaopc versions from r3.01.00.

  • How can I fix the CVE-2023-26593 vulnerability?

    To fix the CVE-2023-26593 vulnerability, Yokogawa Electric Corporation recommends updating to the latest versions of the affected products listed in their security advisory report.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203