var-201412-0282
Vulnerability from variot
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. Provided by Yokogawa Electric Corporation CENTUM and Exaopc Is BKBCopyD.exe There is a problem in the processing of the file, and there is a vulnerability that can access arbitrary files. In addition, National Vulnerability Database (NVD) Then CWE-284 It is published as Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted communication frame 20111/tcp By sending to, arbitrary files may be obtained or created with the user's authority. Yokogawa CENTUM CS3000 is a production control system.
If Yokogawa CENTUM's multiple products have Batch Management installed, they will start the BKBCopyD.exe service and listen on the 20111 / TCP port. There is no verification mechanism, allowing attackers to use the vulnerability to perform malicious operations, such as reading and writing files. Multiple Yokogawa products are prone to a security weakness. An attacker may leverage this issue to obtain potentially sensitive information and perform unauthorized actions in the context of the affected application. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. The vulnerability is caused by the program not requiring authentication. The following products and versions are affected: Yokogawa CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R4.03.00 and earlier, R5.x R5.04.00 and earlier, Exaopc R3.72.10 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r5.03.00"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r5.02.00"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r5.01.00"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r3.02"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r3.01"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r3.05"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r3.03"
},
{
"model": "centum vp",
"scope": "eq",
"trust": 1.6,
"vendor": "yokogawa",
"version": "r5.01.20"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.07"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.70"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.04"
},
{
"model": "centum vp",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r4.03.00"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08"
},
{
"model": "exaopc",
"scope": "lte",
"trust": 1.0,
"vendor": "yokogawa",
"version": "3.71.10"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.08.50"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.09"
},
{
"model": "centum cs 3000",
"scope": "eq",
"trust": 1.0,
"vendor": "yokogawa",
"version": "r3.06"
},
{
"model": "centum cs 3000",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000 entry class",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum cs 3000 entry class software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.09.50"
},
{
"model": "centum cs 3000 software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.09.50"
},
{
"model": "centum vp",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum vp entry class",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum vp entry class software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.03.00"
},
{
"model": "centum vp entry class software",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.04.00 for up to r5.x"
},
{
"model": "centum vp software",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r4.03.00"
},
{
"model": "centum vp software",
"scope": "eq",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r5.04.00 for up to r5.x"
},
{
"model": "exaopc",
"scope": null,
"trust": 0.8,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "exaopc",
"scope": "lte",
"trust": 0.8,
"vendor": "yokogawa electric",
"version": "r3.72.10"
},
{
"model": "centum cs r3.09.50",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa electric",
"version": "3000"
},
{
"model": "centum vp r4.03.00",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum vp r5.04.00",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "exaopc r3.72.10",
"scope": null,
"trust": 0.6,
"vendor": "yokogawa electric",
"version": null
},
{
"model": "centum vp",
"scope": "eq",
"trust": 0.6,
"vendor": "yokogawa",
"version": "r4.03.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.71.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "r4.03.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tod Beardsley and Jim Denaro",
"sources": [
{
"db": "BID",
"id": "69886"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-004249",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-06375",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73149",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5208",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-004249",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-06375",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-1190",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-73149",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "VULHUB",
"id": "VHN-73149"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. Provided by Yokogawa Electric Corporation CENTUM and Exaopc Is BKBCopyD.exe There is a problem in the processing of the file, and there is a vulnerability that can access arbitrary files. In addition, National Vulnerability Database (NVD) Then CWE-284 It is published as Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted communication frame 20111/tcp By sending to, arbitrary files may be obtained or created with the user\u0027s authority. Yokogawa CENTUM CS3000 is a production control system. \n\nIf Yokogawa CENTUM\u0027s multiple products have Batch Management installed, they will start the BKBCopyD.exe service and listen on the 20111 / TCP port. There is no verification mechanism, allowing attackers to use the vulnerability to perform malicious operations, such as reading and writing files. Multiple Yokogawa products are prone to a security weakness. \nAn attacker may leverage this issue to obtain potentially sensitive information and perform unauthorized actions in the context of the affected application. Yokogawa CENTUM CS, etc. are all products of Japan\u0027s Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. The vulnerability is caused by the program not requiring authentication. The following products and versions are affected: Yokogawa CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R4.03.00 and earlier, R5.x R5.04.00 and earlier, Exaopc R3.72.10 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "BID",
"id": "69886"
},
{
"db": "VULHUB",
"id": "VHN-73149"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5208",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-14-260-01A",
"trust": 1.7
},
{
"db": "BID",
"id": "69886",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-14-260-01",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU95634161",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190",
"trust": 0.7
},
{
"db": "OSVDB",
"id": "111675",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-06375",
"trust": 0.6
},
{
"db": "SECUNIA",
"id": "61323",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-73149",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "VULHUB",
"id": "VHN-73149"
},
{
"db": "BID",
"id": "69886"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"id": "VAR-201412-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "VULHUB",
"id": "VHN-73149"
}
],
"trust": 1.1369464933333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
}
]
},
"last_update_date": "2023-12-18T13:57:41.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YSAR-14-0003E",
"trust": 0.8,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-14-0003e.pdf"
},
{
"title": "\u6a2a\u6cb3\u96fb\u6a5f\u682a\u5f0f\u4f1a\u793e \u306e\u544a\u77e5\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm"
},
{
"title": "Patch for Remote Unknown Vulnerability in Multiple Yokogawa Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50488"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73149"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "NVD",
"id": "CVE-2014-5208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.yokogawa.com/dcs/security/ysar/ysar-14-0003e.pdf"
},
{
"trust": 1.7,
"url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-260-01a"
},
{
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-260-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5208"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95634161/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5208"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/111675"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/61323"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69886"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "VULHUB",
"id": "VHN-73149"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"db": "VULHUB",
"id": "VHN-73149"
},
{
"db": "BID",
"id": "69886"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"date": "2014-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-73149"
},
{
"date": "2014-09-17T00:00:00",
"db": "BID",
"id": "69886"
},
{
"date": "2014-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"date": "2014-12-22T17:59:00.063000",
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"date": "2014-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06375"
},
{
"date": "2014-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-73149"
},
{
"date": "2014-12-03T07:57:00",
"db": "BID",
"id": "69886"
},
{
"date": "2014-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004249"
},
{
"date": "2014-12-22T19:27:03.713000",
"db": "NVD",
"id": "CVE-2014-5208"
},
{
"date": "2014-12-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-1190"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CENTUM and Exaopc Vulnerabilities that allow access to arbitrary files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004249"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "69886"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.