cvelistv5 - cve-2014-5208

cve-2014-5208

Vulnerability from cvelistv5

Published

2014-12-22 17:00

Modified

2024-08-06 11:41

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf	Vendor Advisory
cret@cert.org	https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access	Exploit
cret@cert.org	https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A	Third Party Advisory, US Government Resource

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:47.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-22T17:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-5208",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
            },
            {
              "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-5208",
    "datePublished": "2014-12-22T17:00:00",
    "dateReserved": "2014-08-13T00:00:00",
    "dateUpdated": "2024-08-06T11:41:47.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.71.10\", \"matchCriteriaId\": \"9557029A-E073-4BF9-8FB9-9C6C4DBAAD46\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BA314B6-A3A0-44EC-86D5-E8EB4E5EF9F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40831829-1F44-439C-9A19-7DAAFD36E32F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4F916DD-24BC-4955-9C30-A52C2A41B69C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D660F6DA-8694-4F23-B967-299953DFD293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1A408C8-A7CF-439D-85E5-0DD8056A5908\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA37B07D-505E-414A-9E69-E2AAB239CA35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB1B75CD-C0BA-4046-A49E-9903B3B5972C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E07B64DB-E820-467B-A603-971970637FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6813F466-42F8-4013-97A4-DA6E5D7C52F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B0FEB1C-1427-4875-82C6-7EBD2B262766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1824EC58-BCB1-4876-8729-2B6FF2FF8D1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B948C6E-88E0-4255-BBFF-06EA3EE3E532\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r4.03.00\", \"matchCriteriaId\": \"17E2BF7A-E5D0-43AE-A873-EFC735EC58A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03E36D9A-F300-43F1-BB98-CBD6ED4C23D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C57B4087-1B80-49E3-8E8E-65CA1F72F650\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAE82C01-C287-47A0-8141-AA2DF5E477D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BF09836-F1D9-45B1-A9D7-CAE63D07037E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"161A4767-228C-4681-9D20-81D9380CE48A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.\"}, {\"lang\": \"es\", \"value\": \"Gesti\\u00f3n de paquetes por lotes en BKBCopyD.exe en Yokogawa CENTUM CS 3000 a trav\\u00e9s de R3.09.50 y CENTUM VP a trav\\u00e9s de R4.03.00 y R5x a trav\\u00e9s de R5.04.00, y Exaopc a trav\\u00e9s de R3.72.10 No requiere autenticaci\\u00f3n, lo que permite a atacantes leer ficheros arbitrarios a trav\\u00e9s de la operaci\\u00f3n RETR, escribir en ficheros arbitrarios a trav\\u00e9s de la operaci\\u00f3n STOR, o obtener informaci\\u00f3n sensible de la ubicaci\\u00f3n de la base de datos a trav\\u00e9s de la operaci\\u00f3n PMODE, una vulnerabilidad diferente a CVE-2014-0784\"}]",
      "id": "CVE-2014-5208",
      "lastModified": "2024-11-21T02:11:37.720",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-12-22T17:59:00.063",
      "references": "[{\"url\": \"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf\", \"source\": \"cret@cert.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access\", \"source\": \"cret@cert.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A\", \"source\": \"cret@cert.org\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-5208\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2014-12-22T17:59:00.063\",\"lastModified\":\"2024-11-21T02:11:37.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.\"},{\"lang\":\"es\",\"value\":\"Gesti\u00f3n de paquetes por lotes en BKBCopyD.exe en Yokogawa CENTUM CS 3000 a trav\u00e9s de R3.09.50 y CENTUM VP a trav\u00e9s de R4.03.00 y R5x a trav\u00e9s de R5.04.00, y Exaopc a trav\u00e9s de R3.72.10 No requiere autenticaci\u00f3n, lo que permite a atacantes leer ficheros arbitrarios a trav\u00e9s de la operaci\u00f3n RETR, escribir en ficheros arbitrarios a trav\u00e9s de la operaci\u00f3n STOR, o obtener informaci\u00f3n sensible de la ubicaci\u00f3n de la base de datos a trav\u00e9s de la operaci\u00f3n PMODE, una vulnerabilidad diferente a CVE-2014-0784\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.71.10\",\"matchCriteriaId\":\"9557029A-E073-4BF9-8FB9-9C6C4DBAAD46\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BA314B6-A3A0-44EC-86D5-E8EB4E5EF9F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40831829-1F44-439C-9A19-7DAAFD36E32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F916DD-24BC-4955-9C30-A52C2A41B69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D660F6DA-8694-4F23-B967-299953DFD293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A408C8-A7CF-439D-85E5-0DD8056A5908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA37B07D-505E-414A-9E69-E2AAB239CA35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB1B75CD-C0BA-4046-A49E-9903B3B5972C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07B64DB-E820-467B-A603-971970637FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6813F466-42F8-4013-97A4-DA6E5D7C52F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B0FEB1C-1427-4875-82C6-7EBD2B262766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1824EC58-BCB1-4876-8729-2B6FF2FF8D1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B948C6E-88E0-4255-BBFF-06EA3EE3E532\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r4.03.00\",\"matchCriteriaId\":\"17E2BF7A-E5D0-43AE-A873-EFC735EC58A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03E36D9A-F300-43F1-BB98-CBD6ED4C23D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C57B4087-1B80-49E3-8E8E-65CA1F72F650\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAE82C01-C287-47A0-8141-AA2DF5E477D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF09836-F1D9-45B1-A9D7-CAE63D07037E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"161A4767-228C-4681-9D20-81D9380CE48A\"}]}]}],\"references\":[{\"url\":\"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

ghsa-52h8-fmg8-32xq

Vulnerability from github

Published

2022-05-17 04:19

Modified

2022-05-17 04:19

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-5208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-12-22T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.",
  "id": "GHSA-52h8-fmg8-32xq",
  "modified": "2022-05-17T04:19:19Z",
  "published": "2022-05-17T04:19:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5208"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
    },
    {
      "type": "WEB",
      "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2014-5208

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-5208

Aliases

CVE-2014-5208

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-5208",
    "description": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.",
    "id": "GSD-2014-5208"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-5208"
      ],
      "details": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.",
      "id": "GSD-2014-5208",
      "modified": "2023-12-13T01:22:52.661378Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2014-5208",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
          },
          {
            "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
          },
          {
            "name": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.71.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r4.03.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-5208"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
            },
            {
              "name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-12-22T19:27Z",
      "publishedDate": "2014-12-22T17:59Z"
    }
  }
}

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. Provided by Yokogawa Electric Corporation CENTUM and Exaopc Is BKBCopyD.exe There is a problem in the processing of the file, and there is a vulnerability that can access arbitrary files. In addition, National Vulnerability Database (NVD) Then CWE-284 It is published as Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted communication frame 20111/tcp By sending to, arbitrary files may be obtained or created with the user's authority. Yokogawa CENTUM CS3000 is a production control system.

If Yokogawa CENTUM's multiple products have Batch Management installed, they will start the BKBCopyD.exe service and listen on the 20111 / TCP port. There is no verification mechanism, allowing attackers to use the vulnerability to perform malicious operations, such as reading and writing files. Multiple Yokogawa products are prone to a security weakness. An attacker may leverage this issue to obtain potentially sensitive information and perform unauthorized actions in the context of the affected application. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. The vulnerability is caused by the program not requiring authentication. The following products and versions are affected: Yokogawa CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R4.03.00 and earlier, R5.x R5.04.00 and earlier, Exaopc R3.72.10 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201412-0282",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.09.50"
      },
      {
        "model": "centum vp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r5.03.00"
      },
      {
        "model": "centum vp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r5.02.00"
      },
      {
        "model": "centum vp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r5.01.00"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.02"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.01"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.05"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.03"
      },
      {
        "model": "centum vp",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r5.01.20"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.07"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.08.70"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.04"
      },
      {
        "model": "centum vp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r4.03.00"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.08"
      },
      {
        "model": "exaopc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "3.71.10"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.08.50"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.09"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.06"
      },
      {
        "model": "centum cs 3000",
        "scope": null,
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "centum cs 3000 entry class",
        "scope": null,
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "centum cs 3000 entry class software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r3.09.50"
      },
      {
        "model": "centum cs 3000 software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r3.09.50"
      },
      {
        "model": "centum vp",
        "scope": null,
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "centum vp entry class",
        "scope": null,
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "centum vp entry class software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r4.03.00"
      },
      {
        "model": "centum vp entry class software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r5.04.00 for up to  r5.x"
      },
      {
        "model": "centum vp software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r4.03.00"
      },
      {
        "model": "centum vp software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r5.04.00 for up to  r5.x"
      },
      {
        "model": "exaopc",
        "scope": null,
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "exaopc",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r3.72.10"
      },
      {
        "model": "centum cs r3.09.50",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "yokogawa electric",
        "version": "3000"
      },
      {
        "model": "centum vp r4.03.00",
        "scope": null,
        "trust": 0.6,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "centum vp r5.04.00",
        "scope": null,
        "trust": 0.6,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "exaopc r3.72.10",
        "scope": null,
        "trust": 0.6,
        "vendor": "yokogawa electric",
        "version": null
      },
      {
        "model": "centum vp",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "yokogawa",
        "version": "r4.03.00"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.71.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "r4.03.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tod Beardsley and Jim Denaro",
    "sources": [
      {
        "db": "BID",
        "id": "69886"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-5208",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2014-004249",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-06375",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-73149",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-5208",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2014-004249",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-06375",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-1190",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-73149",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. Provided by Yokogawa Electric Corporation CENTUM and Exaopc Is BKBCopyD.exe There is a problem in the processing of the file, and there is a vulnerability that can access arbitrary files. In addition, National Vulnerability Database (NVD) Then CWE-284 It is published as Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted communication frame 20111/tcp By sending to, arbitrary files may be obtained or created with the user\u0027s authority. Yokogawa CENTUM CS3000 is a production control system. \n\nIf Yokogawa CENTUM\u0027s multiple products have Batch Management installed, they will start the BKBCopyD.exe service and listen on the 20111 / TCP port. There is no verification mechanism, allowing attackers to use the vulnerability to perform malicious operations, such as reading and writing files. Multiple Yokogawa products are prone to a security weakness. \nAn attacker may leverage this issue to obtain potentially sensitive information and perform unauthorized actions in the context of the affected application. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. The vulnerability is caused by the program not requiring authentication. The following products and versions are affected: Yokogawa CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R4.03.00 and earlier, R5.x R5.04.00 and earlier, Exaopc R3.72.10 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "BID",
        "id": "69886"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-5208",
        "trust": 3.4
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-260-01A",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "69886",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-260-01",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95634161",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190",
        "trust": 0.7
      },
      {
        "db": "OSVDB",
        "id": "111675",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "61323",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "db": "BID",
        "id": "69886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "id": "VAR-201412-0282",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      }
    ],
    "trust": 1.1369464933333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:41.777000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "YSAR-14-0003E",
        "trust": 0.8,
        "url": "http://www.yokogawa.com/dcs/security/ysar/ysar-14-0003e.pdf"
      },
      {
        "title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
        "trust": 0.8,
        "url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
      },
      {
        "title": "Patch for Remote Unknown Vulnerability in Multiple Yokogawa Products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/50488"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.yokogawa.com/dcs/security/ysar/ysar-14-0003e.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-260-01a"
      },
      {
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-260-01"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5208"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95634161/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5208"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.com/show/osvdb/111675"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/61323"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/69886"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "db": "BID",
        "id": "69886"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "date": "2014-09-17T00:00:00",
        "db": "BID",
        "id": "69886"
      },
      {
        "date": "2014-09-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "date": "2014-12-22T17:59:00.063000",
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "date": "2014-09-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-09-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-06375"
      },
      {
        "date": "2014-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-73149"
      },
      {
        "date": "2014-12-03T07:57:00",
        "db": "BID",
        "id": "69886"
      },
      {
        "date": "2014-12-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      },
      {
        "date": "2014-12-22T19:27:03.713000",
        "db": "NVD",
        "id": "CVE-2014-5208"
      },
      {
        "date": "2014-12-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1190"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CENTUM and  Exaopc Vulnerabilities that allow access to arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-004249"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Access Validation Error",
    "sources": [
      {
        "db": "BID",
        "id": "69886"
      }
    ],
    "trust": 0.3
  }
}

cve-2014-5208

Vulnerability from fkie_nvd

Published

2014-12-22 17:59

Modified

2024-11-21 02:11

Severity ?

Summary

References

URL	Tags
cret@cert.org	http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf	Vendor Advisory
cret@cert.org	https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access	Exploit
cret@cert.org	https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
yokogawa	exaopc	*
yokogawa	exaopc	-
yokogawa	centum_cs_3000	r3.01
yokogawa	centum_cs_3000	r3.02
yokogawa	centum_cs_3000	r3.03
yokogawa	centum_cs_3000	r3.04
yokogawa	centum_cs_3000	r3.05
yokogawa	centum_cs_3000	r3.06
yokogawa	centum_cs_3000	r3.07
yokogawa	centum_cs_3000	r3.08
yokogawa	centum_cs_3000	r3.08.50
yokogawa	centum_cs_3000	r3.08.70
yokogawa	centum_cs_3000	r3.09
yokogawa	centum_cs_3000	r3.09.50
yokogawa	centum_cs_3000	-
yokogawa	centum_vp	*
yokogawa	centum_vp	r5.01.00
yokogawa	centum_vp	r5.01.20
yokogawa	centum_vp	r5.02.00
yokogawa	centum_vp	r5.03.00
yokogawa	centum_vp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9557029A-E073-4BF9-8FB9-9C6C4DBAAD46",
              "versionEndIncluding": "3.71.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA314B6-A3A0-44EC-86D5-E8EB4E5EF9F7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "40831829-1F44-439C-9A19-7DAAFD36E32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F916DD-24BC-4955-9C30-A52C2A41B69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "D660F6DA-8694-4F23-B967-299953DFD293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A408C8-A7CF-439D-85E5-0DD8056A5908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA37B07D-505E-414A-9E69-E2AAB239CA35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B75CD-C0BA-4046-A49E-9903B3B5972C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07B64DB-E820-467B-A603-971970637FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6813F466-42F8-4013-97A4-DA6E5D7C52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0FEB1C-1427-4875-82C6-7EBD2B262766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "1824EC58-BCB1-4876-8729-2B6FF2FF8D1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B948C6E-88E0-4255-BBFF-06EA3EE3E532",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E2BF7A-E5D0-43AE-A873-EFC735EC58A2",
              "versionEndIncluding": "r4.03.00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E36D9A-F300-43F1-BB98-CBD6ED4C23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57B4087-1B80-49E3-8E8E-65CA1F72F650",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE82C01-C287-47A0-8141-AA2DF5E477D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BF09836-F1D9-45B1-A9D7-CAE63D07037E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."
    },
    {
      "lang": "es",
      "value": "Gesti\u00f3n de paquetes por lotes en BKBCopyD.exe en Yokogawa CENTUM CS 3000 a trav\u00e9s de R3.09.50 y CENTUM VP a trav\u00e9s de R4.03.00 y R5x a trav\u00e9s de R5.04.00, y Exaopc a trav\u00e9s de R3.72.10 No requiere autenticaci\u00f3n, lo que permite a atacantes leer ficheros arbitrarios a trav\u00e9s de la operaci\u00f3n RETR, escribir en ficheros arbitrarios a trav\u00e9s de la operaci\u00f3n STOR, o obtener informaci\u00f3n sensible de la ubicaci\u00f3n de la base de datos a trav\u00e9s de la operaci\u00f3n PMODE, una vulnerabilidad diferente a CVE-2014-0784"
    }
  ],
  "id": "CVE-2014-5208",
  "lastModified": "2024-11-21T02:11:37.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-22T17:59:00.063",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-5208

Vulnerability from cvelistv5

ghsa-52h8-fmg8-32xq

Vulnerability from github

gsd-2014-5208

Vulnerability from gsd

var-201412-0282

Vulnerability from variot

cve-2014-5208

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature