CVE-2020-5609 - OpenCVE

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Yokogawa	B\/m9000cs B\/m9000vp Firmware Centum Cs 3000 B\/m9000cs Firmware Centum Cs 3000 Firmware Centum Vp Firmware B\/m9000vp Centum Vp

Configuration 1 [-]

AND

cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::
	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::
	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::

cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:yokogawa:b\/m9000cs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:b\/m9000cs:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:yokogawa:b\/m9000vp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:yokogawa:b\/m9000vp:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/vu/JVNVU97997181/index.html	Third Party Advisory
https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2020-08-05T13:12:59

Updated: 2020-08-05T13:12:59

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5609

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-08-05T14:15:13.187

Modified: 2020-08-12T13:29:34.810

Link: CVE-2020-5609

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "CAMS for HIS", "vendor": "Yokogawa Electric Corporation", "versions": [{"status": "affected", "version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Directory traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-05T13:12:59", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5609", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CAMS for HIS", "version": {"version_data": [{"version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"}]}}]}, "vendor_name": "Yokogawa Electric Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory traversal"}]}]}, "references": {"reference_data": [{"name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf", "refsource": "MISC", "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}, {"name": "https://jvn.jp/vu/JVNVU97997181/index.html", "refsource": "MISC", "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5609", "datePublished": "2020-08-05T13:12:59", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2020-08-05T13:12:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CB5C1D3-A410-478C-AEBC-7A85A30B39BC", "versionEndIncluding": "r3.09.50", "versionStartIncluding": "r3.08.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0D63842-D6A8-4FA1-B09C-71E9113FF95A", "versionEndIncluding": "r4.03.00", "versionStartIncluding": "r4.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D647BA49-5A43-437B-8C58-0294A452AF8D", "versionEndIncluding": "r5.04.20", "versionStartIncluding": "r5.01.00", "vulnerable": true}, {"criteria": "cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "041D122C-CAFD-4AA5-A45B-A51E2F024D67", "versionEndIncluding": "r6.07.00", "versionStartIncluding": "r6.01.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*", "matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:b\\/m9000cs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3131E58F-D32D-4FDC-AAD1-DE7BBAC10659", "versionEndIncluding": "r5.05.01", "versionStartIncluding": "r5.04.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:b\\/m9000cs:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6C0600F-87E0-4CE5-ACB9-49F160DB3D33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:yokogawa:b\\/m9000vp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9458CCD1-1820-4395-95CD-AEAC589DA4B2", "versionEndIncluding": "r8.03.01", "versionStartIncluding": "r6.01.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:b\\/m9000vp:-:*:*:*:*:*:*:*", "matchCriteriaId": "86DDD4A8-FE34-4446-A0C2-4E282F881068", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01 y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permiten a un atacante remoto no autenticado crear o sobrescribir archivos arbitrarios y ejecutar comandos arbitrarios por medio de vectores no especificados"}], "id": "CVE-2020-5609", "lastModified": "2020-08-12T13:29:34.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-05T14:15:13.187", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/vu/JVNVU97997181/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}