Sign-up

ID

VAR-202008-0991


CVE

CVE-2020-5609


TITLE

Made by Yokogawa Electric CAMS for HIS Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-007129

DESCRIPTION

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. Provided by Yokogawa Electric Corporation CAMS for HIS Is vulnerable to several vulnerabilities: * Inappropriate authentication (CWE-287) - CVE-2020-5608 * Path traversal (CWE-22) - CVE-2020-5609The expected impact depends on each vulnerability, but it may be affected as follows. * A specially crafted communication packet is sent by an unauthenticated third party - CVE-2020-5608 * Unauthenticated third parties create or overwrite files in any location, or execute arbitrary commands - CVE-2020-5609

Trust: 1.62

sources: NVD: CVE-2020-5609 // JVNDB: JVNDB-2020-007129

AFFECTED PRODUCTS

vendor:yokogawamodel:centum vpscope:gteversion:r4.01.00

Trust: 1.0

vendor:yokogawamodel:centum vpscope:gteversion:r6.01.00

Trust: 1.0

vendor:yokogawamodel:b\/m9000vpscope:lteversion:r8.03.01

Trust: 1.0

vendor:yokogawamodel:centum vpscope:lteversion:r5.04.20

Trust: 1.0

vendor:yokogawamodel:b\/m9000csscope:lteversion:r5.05.01

Trust: 1.0

vendor:yokogawamodel:b\/m9000csscope:gteversion:r5.04.01

Trust: 1.0

vendor:yokogawamodel:centum vpscope:gteversion:r5.01.00

Trust: 1.0

vendor:yokogawamodel:centum vpscope:lteversion:r4.03.00

Trust: 1.0

vendor:yokogawamodel:centum cs 3000scope:lteversion:r3.09.50

Trust: 1.0

vendor:yokogawamodel:b\/m9000vpscope:gteversion:r6.01.01

Trust: 1.0

vendor:yokogawamodel:centum vpscope:lteversion:r6.07.00

Trust: 1.0

vendor:yokogawamodel:centum cs 3000scope:gteversion:r3.08.10

Trust: 1.0

vendor:yokogawa electricmodel:b/m9000csscope:eqversion:vp r6.01.01 から r8.03.01

Trust: 0.8

vendor:yokogawa electricmodel:b/m9000csscope:eqversion:r5.04.01 から r5.05.01

Trust: 0.8

vendor:yokogawa electricmodel:centum cs 3000scope:eqversion:(centum cs 3000 small 含む) r3.08.10 から r3.09.50

Trust: 0.8

vendor:yokogawa electricmodel:centum vpscope:eqversion:(centum vp small, basic 含む) r4.01.00 から r6.07.00

Trust: 0.8

sources: JVNDB: JVNDB-2020-007129 // NVD: CVE-2020-5609

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-007129
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2020-5609
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202008-164
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-5609
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

nvd@nist.gov: CVE-2020-5609
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA score: JVNDB-2020-007129
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-007129
baseSeverity: HIGH
baseScore: 8.1
vectorString: 3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-007129 // JVNDB: JVNDB-2020-007129 // CNNVD: CNNVD-202008-164 // NVD: CVE-2020-5609

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.0

sources: NVD: CVE-2020-5609

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-164

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202008-164

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-007129

PATCH
title:YSAR-20-0001: CAMS for HISに複数の脆弱性url:https://www.yokogawa.co.jp/library/resources/white-papers/yokogawa-security-advisory-report-list/
Trust: 0.8
title:Yokogawa CAMS for HIS Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126322
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007129 // 
            
            
            
            CNNVD: CNNVD-202008-164

EXTERNAL IDS
db:JVNid:JVNVU97997181
Trust: 2.4
db:NVDid:CVE-2020-5609
Trust: 2.4
db:ICS CERTid:ICSA-20-224-01
Trust: 1.4
db:JVNDBid:JVNDB-2020-007129
Trust: 0.8
db:AUSCERTid:ESB-2020.2759
Trust: 0.6
db:CNNVDid:CNNVD-202008-164
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007129 // 
            
            
            
            CNNVD: CNNVD-202008-164 // 
            
            
            
            NVD: CVE-2020-5609

REFERENCES
url:https://web-material3.yokogawa.com/1/29820/files/ysar-20-0001-e.pdf
Trust: 1.6
url:https://jvn.jp/vu/jvnvu97997181/index.html
Trust: 1.6
url:https://us-cert.cisa.gov/ics/advisories/icsa-20-224-01
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2020-5609
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5608
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5609
Trust: 0.8
url:http://jvn.jp/cert/jvnvu97997181
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-5608
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2759/
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-007129 // 
            
            
            
            CNNVD: CNNVD-202008-164 // 
            
            
            
            NVD: CVE-2020-5609

SOURCES
db:JVNDBid:JVNDB-2020-007129
db:CNNVDid:CNNVD-202008-164
db:NVDid:CVE-2020-5609

LAST UPDATE DATE
2024-11-23T21:59:03.347000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-007129date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202008-164date:2021-01-05T00:00:00
db:NVDid:CVE-2020-5609date:2024-11-21T05:34:21.410

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-007129date:2020-08-03T00:00:00
db:CNNVDid:CNNVD-202008-164date:2020-08-05T00:00:00
db:NVDid:CVE-2020-5609date:2020-08-05T14:15:13.187