← Back to CVEs
CVE-2020-5609
CRITICAL9.8
Description
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published8/5/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
yokogawa:b\/m9000csyokogawa:b\/m9000cs_firmwareyokogawa:b\/m9000vpyokogawa:b\/m9000vp_firmwareyokogawa:centum_cs_3000yokogawa:centum_cs_3000_firmwareyokogawa:centum_vpyokogawa:centum_vp_firmware
Weaknesses (CWE)
CWE-22
References
https://jvn.jp/vu/JVNVU97997181/index.html(vultures@jpcert.or.jp)
https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf(vultures@jpcert.or.jp)
https://jvn.jp/vu/JVNVU97997181/index.html(af854a3a-2127-422b-91ae-364da2661108)
https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.