CVE-2024-5650

Summary

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account.

The affected products and versions are as follows: CENTUM CS 3000 R3.08.10 to R3.09.50 CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10.

Affected Software

VendorProductVersion RangeStatus
Yokogawa Electric CorporationCENTUM CS 3000R3.08.10 <= R3.09.50affected
Yokogawa Electric CorporationCENTUM VPR4.01.00 <= R4.03.00affected
Yokogawa Electric CorporationCENTUM VPR5.01.00 <= R5.04.20affected
Yokogawa Electric CorporationCENTUM VPR6.01.00 <= R6.11.10affected

Weaknesses

  • CWE-284: CWE-284

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References