ICSA-20-224-01
Vulnerability from csaf_cisa
Published
2020-08-11 00:00
Modified
2021-01-05 00:00
Summary
Yokogawa CENTUM (Update A)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands.
Critical infrastructure sectors
Critical Manufacturing, Energy, Food and Agriculture
Countries/areas deployed
Worldwide
Company headquarters location
Japan
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"Nataliya Tlyapova",
"Ivan Kurnakov"
],
"summary": "reporting these vulnerabilities to Yokogawa"
},
{
"organization": "Positive Technologies",
"summary": "reporting these vulnerabilities to Yokogawa"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to send tampered communication packets or create/overwrite any file and run any commands.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy, Food and Agriculture",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Japan",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-20-224-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-224-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-224-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-224-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Yokogawa CENTUM (Update A)",
"tracking": {
"current_release_date": "2021-01-05T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-224-01",
"initial_release_date": "2020-08-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-08-11T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-20-224-01 Yokogawa CENTUM"
},
{
"date": "2021-01-05T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-20-224-01 Yokogawa CENTUM (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= R5.04.01 | \u003c= R5.05.01",
"product": {
"name": "B/M9000CS: versions R5.04.01 - R5.05.01",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "B/M9000CS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= R4.01.00 | \u003c= R6.07.00 (Including CENTUM VP Entry Class)",
"product": {
"name": "CENTUM VP: versions R4.01.00 - R6.07.00 (Including CENTUM VP Entry Class)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "CENTUM VP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= R3.72.00 | \u003c= R3.78.00",
"product": {
"name": "Exaopc: (R3.72.00 - R3.78.00)",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Exaopc"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= R3.08.10 | \u003c= R3.09.50 (Including CENTUM CS 3000 Entry Class)",
"product": {
"name": "CENTUM CS 3000: versions R3.08.10 - R3.09.50 (Including CENTUM CS 3000 Entry Class)",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "CENTUM CS 3000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= R6.01.01 | \u003c= R8.03.01",
"product": {
"name": "B/M9000 VP: versions R6.01.01 - R8.03.01",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "B/M9000 VP"
}
],
"category": "vendor",
"name": "Yokogawa"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-5608",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow a remote unauthenticated attacker to send tampered communication packets.CVE-2020-5608 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5608"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Exaopc R3.72.00 - R3.78.00: Update to R3.78.10 or later.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For CENTUM CS 3000 (including CENTUM CS 3000 Entry Class) R3.08.10 - R3.09.50 and CENTUM VP (including CENTUM VP Entry Class) R4.01.00 - R4.03.00, no patch will be available because these products are already end of support. Yokogawa recommends that affected customers upgrade to the latest revision of CENTUM VP.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For CENTUM VP (including CENTUM VP Entry Class) R5.01.00 - R5.04.20, apply patch R5.04.D1",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For CENTUM VP (including CENTUM VP Entry Class) R6.01.00 - R6.07.00, apply patch R6.07.11",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "For B/M9000CS R5.04.01 - R5.05.01 and B/M9000 VP R6.01.01 - R8.03.01, Yokogawa reports that this product is not affected by the vulnerabilities but is affected by the existence of CENTUM CS 3000 installed on the same PC. If CENTUM CS 3000 is installed, update B/M90000CS to suitable revision. If CENTUM VP is installed on the same PC, update to B/M90000 VP to suitable revision.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For questions related to this report, please contact Yokogawa support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
},
{
"category": "mitigation",
"details": "More details can also be found in Yokogawa\u0027s security advisory report number YSAR-20-0001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
},
{
"cve": "CVE-2020-5609",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "This vulnerability may allow a remote attacker to create or overwrite any file, run any commands.CVE-2020-5609 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been assigned; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-5609"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Exaopc R3.72.00 - R3.78.00: Update to R3.78.10 or later.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For CENTUM CS 3000 (including CENTUM CS 3000 Entry Class) R3.08.10 - R3.09.50 and CENTUM VP (including CENTUM VP Entry Class) R4.01.00 - R4.03.00, no patch will be available because these products are already end of support. Yokogawa recommends that affected customers upgrade to the latest revision of CENTUM VP.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For CENTUM VP (including CENTUM VP Entry Class) R5.01.00 - R5.04.20, apply patch R5.04.D1",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For CENTUM VP (including CENTUM VP Entry Class) R6.01.00 - R6.07.00, apply patch R6.07.11",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "For B/M9000CS R5.04.01 - R5.05.01 and B/M9000 VP R6.01.01 - R8.03.01, Yokogawa reports that this product is not affected by the vulnerabilities but is affected by the existence of CENTUM CS 3000 installed on the same PC. If CENTUM CS 3000 is installed, update B/M90000CS to suitable revision. If CENTUM VP is installed on the same PC, update to B/M90000 VP to suitable revision.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For questions related to this report, please contact Yokogawa support.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
},
{
"category": "mitigation",
"details": "More details can also be found in Yokogawa\u0027s security advisory report number YSAR-20-0001",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
],
"url": "https://contact.yokogawa.com/cs/gw?c-id=000498"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.