CVE-2019-6008

An unquoted search path vulnerability in Multiple Yokogawa products for Windows (Exaopc (R1.01.00 ? R3.77.00), Exaplog (R1.10.00 ? R3.40.00), Exaquantum (R1.10.00 ? R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 ? R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 ? R3.05.01), and InsightSuiteAE (R1.01.00 ? R1.06.00)) allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.

Published: Dec 26, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-6008
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-428

Affected Software
References

Software	From	Fixed in
yokogawa / exarqe	-	-
yokogawa / exasmoc	-	-
yokogawa / insightsuiteae	r1.01.00	r1.06.00.x
yokogawa / ga10	r1.01.01	r3.05.01.x
yokogawa / exaquantum/batch	r1.01.00	r2.50.40.x
yokogawa / exaquantum	r1.10.00	r3.02.00.x
yokogawa / exaplog	r1.10.00	r3.30.00.x
yokogawa / exaopc	r1.01.00	r3.77.00.x

Vulnerability Database

289,782

CVE-2019-6008