CVE-2020-5609 (GCVE-0-2020-5609)

Vulnerability from cvelistv5 – Published: 2020-08-05 13:12 – Updated: 2024-08-04 08:30
VLAI?
Summary
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • Directory traversal
Assigner
References
Impacted products
Vendor Product Version
Yokogawa Electric Corporation CAMS for HIS Affected: CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.580Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/vu/JVNVU97997181/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CAMS for HIS",
          "vendor": "Yokogawa Electric Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-05T13:12:59",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/vu/JVNVU97997181/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5609",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CAMS for HIS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Yokogawa Electric Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf",
              "refsource": "MISC",
              "url": "https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf"
            },
            {
              "name": "https://jvn.jp/vu/JVNVU97997181/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/vu/JVNVU97997181/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5609",
    "datePublished": "2020-08-05T13:12:59",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:30:24.580Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r3.08.10\", \"versionEndIncluding\": \"r3.09.50\", \"matchCriteriaId\": \"7CB5C1D3-A410-478C-AEBC-7A85A30B39BC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r4.01.00\", \"versionEndIncluding\": \"r4.03.00\", \"matchCriteriaId\": \"D0D63842-D6A8-4FA1-B09C-71E9113FF95A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r5.01.00\", \"versionEndIncluding\": \"r5.04.20\", \"matchCriteriaId\": \"D647BA49-5A43-437B-8C58-0294A452AF8D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r6.01.00\", \"versionEndIncluding\": \"r6.07.00\", \"matchCriteriaId\": \"041D122C-CAFD-4AA5-A45B-A51E2F024D67\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"161A4767-228C-4681-9D20-81D9380CE48A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:b\\\\/m9000cs_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r5.04.01\", \"versionEndIncluding\": \"r5.05.01\", \"matchCriteriaId\": \"3131E58F-D32D-4FDC-AAD1-DE7BBAC10659\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:b\\\\/m9000cs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6C0600F-87E0-4CE5-ACB9-49F160DB3D33\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:yokogawa:b\\\\/m9000vp_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"r6.01.01\", \"versionEndIncluding\": \"r8.03.01\", \"matchCriteriaId\": \"9458CCD1-1820-4395-95CD-AEAC589DA4B2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:b\\\\/m9000vp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86DDD4A8-FE34-4446-A0C2-4E282F881068\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01 y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permiten a un atacante remoto no autenticado crear o sobrescribir archivos arbitrarios y ejecutar comandos arbitrarios por medio de vectores no especificados\"}]",
      "id": "CVE-2020-5609",
      "lastModified": "2024-11-21T05:34:21.410",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-08-05T14:15:13.187",
      "references": "[{\"url\": \"https://jvn.jp/vu/JVNVU97997181/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/vu/JVNVU97997181/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5609\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-08-05T14:15:13.187\",\"lastModified\":\"2024-11-21T05:34:21.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad salto de directorio en CAMS para HIS CENTUM CS 3000 (incluye CENTUM CS 3000 Small) versiones R3.08.10 hasta R3.09.50, CENTUM VP (incluye CENTUM VP Small, Basic) versiones R4.01.00 hasta R6.07.00, B/M9000CS versiones R5.04.01 hasta R5.05.01 y B/M9000 VP versiones R6.01.01 hasta R8.03.01, permiten a un atacante remoto no autenticado crear o sobrescribir archivos arbitrarios y ejecutar comandos arbitrarios por medio de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r3.08.10\",\"versionEndIncluding\":\"r3.09.50\",\"matchCriteriaId\":\"7CB5C1D3-A410-478C-AEBC-7A85A30B39BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r4.01.00\",\"versionEndIncluding\":\"r4.03.00\",\"matchCriteriaId\":\"D0D63842-D6A8-4FA1-B09C-71E9113FF95A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r5.01.00\",\"versionEndIncluding\":\"r5.04.20\",\"matchCriteriaId\":\"D647BA49-5A43-437B-8C58-0294A452AF8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r6.01.00\",\"versionEndIncluding\":\"r6.07.00\",\"matchCriteriaId\":\"041D122C-CAFD-4AA5-A45B-A51E2F024D67\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"161A4767-228C-4681-9D20-81D9380CE48A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:b\\\\/m9000cs_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r5.04.01\",\"versionEndIncluding\":\"r5.05.01\",\"matchCriteriaId\":\"3131E58F-D32D-4FDC-AAD1-DE7BBAC10659\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:b\\\\/m9000cs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C0600F-87E0-4CE5-ACB9-49F160DB3D33\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:yokogawa:b\\\\/m9000vp_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"r6.01.01\",\"versionEndIncluding\":\"r8.03.01\",\"matchCriteriaId\":\"9458CCD1-1820-4395-95CD-AEAC589DA4B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:b\\\\/m9000vp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86DDD4A8-FE34-4446-A0C2-4E282F881068\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/vu/JVNVU97997181/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/vu/JVNVU97997181/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.