Lucene search

[email protected]CVE-2019-5909

HistoryFeb 13, 2019 - 6:29 p.m.

CVE-2019-5909

2019-02-1318:29:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2019-5909

security

bypass

vulnerability

yokogawa

centum vp

prosafe-rs

prm

b/m9000 vp

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.8%

JSON

License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.

Affected configurations

NVD

Node

yokogawab\/m_9000_vpRanger7.01.01–r8.02.03

yokogawacentum_vpRanger5.01.00–r6.06.00

yokogawacentum_vpRanger5.01.00–r6.06.00basic

yokogawacentum_vpRanger5.01.00–r6.06.00small

yokogawaprmRanger4.01.00–r4.02.00

yokogawaprosafe-rsRanger3.01.00–r4.04.00

CPENameOperatorVersion
yokogawa:b\/m_9000_vpyokogawa b/m 9000 vpler8.02.03
yokogawa:centum_vpyokogawa centum vpler6.06.00
yokogawa:prmyokogawa prmler4.02.00
yokogawa:prosafe-rsyokogawa prosafe-rsler4.04.00

CPE	Name	Operator	Version
yokogawa:b\/m_9000_vp	yokogawa b/m 9000 vp	le	r8.02.03
yokogawa:centum_vp	yokogawa centum vp	le	r6.06.00
yokogawa:prm	yokogawa prm	le	r4.02.00
yokogawa:prosafe-rs	yokogawa prosafe-rs	le	r4.04.00

CNA Affected

[
  {
    "product": "License Manager Service of YOKOGAWA products",
    "vendor": "Yokogawa Electric Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "(CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03))"
      }
    ]
  }
]

References

jvn.jp/vu/JVNVU99147082/index.html

www.securityfocus.com/bid/106772

web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.8%

JSON

Related for CVE-2019-5909

prion1 nvd1 nessus2 cvelist1 ics1