CVE-2014-5208 - Vulnerability Details

Vendors	Products
Yokogawa	Centum Cs 3000 Centum Vp Exaopc

Link	Providers
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf
https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access
https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-09T00:00:00", "descriptions": [{"lang": "en", "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-22T17:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-5208", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"}, {"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf", "refsource": "CONFIRM", "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"}, {"name": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access", "refsource": "MISC", "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:47.467Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-5208", "datePublished": "2014-12-22T17:00:00", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:47.467Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-08-09T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2014-12-22T17:57:01 (string)

orgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

shortName : certcc (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cert@cert.org (string)

ID : CVE-2014-5208 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A (string)

refsource : MISC (string)

url : https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A (string)

}

1 : { »

name : http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf (string)

refsource : CONFIRM (string)

url : http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf (string)

}

2 : { »

name : https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access (string)

refsource : MISC (string)

url : https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T11:41:47.467Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 37e5125f-f79b-445b-8fad-9564f167944b (string)

assignerShortName : certcc (string)

cveId : CVE-2014-5208 (string)

datePublished : 2014-12-22T17:00:00 (string)

dateReserved : 2014-08-13T00:00:00 (string)

dateUpdated : 2024-08-06T11:41:47.467Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*", "matchCriteriaId": "9557029A-E073-4BF9-8FB9-9C6C4DBAAD46", "versionEndIncluding": "3.71.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BA314B6-A3A0-44EC-86D5-E8EB4E5EF9F7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*", "matchCriteriaId": "40831829-1F44-439C-9A19-7DAAFD36E32F", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*", "matchCriteriaId": "C4F916DD-24BC-4955-9C30-A52C2A41B69C", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*", "matchCriteriaId": "D660F6DA-8694-4F23-B967-299953DFD293", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*", "matchCriteriaId": "D1A408C8-A7CF-439D-85E5-0DD8056A5908", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*", "matchCriteriaId": "CA37B07D-505E-414A-9E69-E2AAB239CA35", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*", "matchCriteriaId": "32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B75CD-C0BA-4046-A49E-9903B3B5972C", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*", "matchCriteriaId": "E07B64DB-E820-467B-A603-971970637FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*", "matchCriteriaId": "6813F466-42F8-4013-97A4-DA6E5D7C52F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*", "matchCriteriaId": "7B0FEB1C-1427-4875-82C6-7EBD2B262766", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*", "matchCriteriaId": "1824EC58-BCB1-4876-8729-2B6FF2FF8D1D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*", "matchCriteriaId": "6B948C6E-88E0-4255-BBFF-06EA3EE3E532", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*", "matchCriteriaId": "17E2BF7A-E5D0-43AE-A873-EFC735EC58A2", "versionEndIncluding": "r4.03.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*", "matchCriteriaId": "03E36D9A-F300-43F1-BB98-CBD6ED4C23D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*", "matchCriteriaId": "C57B4087-1B80-49E3-8E8E-65CA1F72F650", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*", "matchCriteriaId": "BAE82C01-C287-47A0-8141-AA2DF5E477D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*", "matchCriteriaId": "6BF09836-F1D9-45B1-A9D7-CAE63D07037E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*", "matchCriteriaId": "161A4767-228C-4681-9D20-81D9380CE48A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784."}, {"lang": "es", "value": "Gesti\u00f3n de paquetes por lotes en BKBCopyD.exe en Yokogawa CENTUM CS 3000 a trav\u00e9s de R3.09.50 y CENTUM VP a trav\u00e9s de R4.03.00 y R5x a trav\u00e9s de R5.04.00, y Exaopc a trav\u00e9s de R3.72.10 No requiere autenticaci\u00f3n, lo que permite a atacantes leer ficheros arbitrarios a trav\u00e9s de la operaci\u00f3n RETR, escribir en ficheros arbitrarios a trav\u00e9s de la operaci\u00f3n STOR, o obtener informaci\u00f3n sensible de la ubicaci\u00f3n de la base de datos a trav\u00e9s de la operaci\u00f3n PMODE, una vulnerabilidad diferente a CVE-2014-0784"}], "id": "CVE-2014-5208", "lastModified": "2024-11-21T02:11:37.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-22T17:59:00.063", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9557029A-E073-4BF9-8FB9-9C6C4DBAAD46 (string)

versionEndIncluding : 3.71.10 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:yokogawa:exaopc:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BA314B6-A3A0-44EC-86D5-E8EB4E5EF9F7 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:* (string)

matchCriteriaId : 40831829-1F44-439C-9A19-7DAAFD36E32F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:* (string)

matchCriteriaId : C4F916DD-24BC-4955-9C30-A52C2A41B69C (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:* (string)

matchCriteriaId : D660F6DA-8694-4F23-B967-299953DFD293 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:* (string)

matchCriteriaId : D1A408C8-A7CF-439D-85E5-0DD8056A5908 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:* (string)

matchCriteriaId : CA37B07D-505E-414A-9E69-E2AAB239CA35 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:* (string)

matchCriteriaId : 32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:* (string)

matchCriteriaId : BB1B75CD-C0BA-4046-A49E-9903B3B5972C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:* (string)

matchCriteriaId : E07B64DB-E820-467B-A603-971970637FB1 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:* (string)

matchCriteriaId : 6813F466-42F8-4013-97A4-DA6E5D7C52F8 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:* (string)

matchCriteriaId : 7B0FEB1C-1427-4875-82C6-7EBD2B262766 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:* (string)

matchCriteriaId : 1824EC58-BCB1-4876-8729-2B6FF2FF8D1D (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B948C6E-88E0-4255-BBFF-06EA3EE3E532 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 17E2BF7A-E5D0-43AE-A873-EFC735EC58A2 (string)

versionEndIncluding : r4.03.00 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:* (string)

matchCriteriaId : 03E36D9A-F300-43F1-BB98-CBD6ED4C23D4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:* (string)

matchCriteriaId : C57B4087-1B80-49E3-8E8E-65CA1F72F650 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:* (string)

matchCriteriaId : BAE82C01-C287-47A0-8141-AA2DF5E477D4 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:* (string)

matchCriteriaId : 6BF09836-F1D9-45B1-A9D7-CAE63D07037E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 161A4767-228C-4681-9D20-81D9380CE48A (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. (string)

}

1 : { »

lang : es (string)

value : Gestión de paquetes por lotes en BKBCopyD.exe en Yokogawa CENTUM CS 3000 a través de R3.09.50 y CENTUM VP a través de R4.03.00 y R5x a través de R5.04.00, y Exaopc a través de R3.72.10 No requiere autenticación, lo que permite a atacantes leer ficheros arbitrarios a través de la operación RETR, escribir en ficheros arbitrarios a través de la operación STOR, o obtener información sensible de la ubicación de la base de datos a través de la operación PMODE, una vulnerabilidad diferente a CVE-2014-0784 (string)

}

]

id : CVE-2014-5208 (string)

lastModified : 2024-11-21T02:11:37.720 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-12-22T17:59:00.063 (string)

references : [ »

0 : { »

source : cret@cert.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf (string)

}

1 : { »

source : cret@cert.org (string)

tags : [ »

0 : Exploit (string)

]

url : https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access (string)

}

2 : { »

source : cret@cert.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A (string)

}

]

sourceIdentifier : cret@cert.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-284 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object