CVE-2018-8838
CVE-2018-8838 is a medium-severity vulnerability in Yokogawa B/m9000 Cs with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 4.4
- EPSS exploit prediction: 0% (21st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Yokogawa B/m9000 Cs
- Published:
- Last modified:
Description
A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).
Frequently asked questions
- What is CVE-2018-8838?
- A weakness in access controls in CENTUM CS 1000 all versions, CENTUM CS 3000 versions R3.09.50 and earlier, CENTUM CS 3000 Small versions R3.09.50 and earlier, CENTUM VP versions R6.03.10 and earlier, CENTUM VP Small versions R6.03.10 and earlier, CENTUM VP Basic versions R6.03.10 and earlier, Exaopc versions R3.75.00 and earlier, B/M9000 CS all versions, and B/M9000 VP versions R8.01.01 and earlier may allow a local attacker to exploit the message management function of the system. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H).
- How severe is CVE-2018-8838?
- CVE-2018-8838 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over local access with high attack complexity, requires low privileges and no user interaction. Impact on confidentiality is low, integrity high, and availability high.
- Is CVE-2018-8838 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (21st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-8838?
- CVE-2018-8838 primarily affects Yokogawa B/m9000 Cs. In total, 8 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-8838?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-8838 published?
- CVE-2018-8838 was published on 2018-04-17 and last updated on 2026-06-17.
References
Affected products (8)
- cpe:2.3:a:yokogawa:b\/m9000_cs:-:*:*:*:*:*:*:*
- cpe:2.3:a:yokogawa:b\/m9000_vp:*:*:*:*:*:*:*:*
- cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*
- cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:small:*:*:*
- cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*
- cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:basic:*:*:*
- cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:small:*:*:*
- cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*