Lucene search

[email protected]NVD:CVE-2020-5608

HistoryAug 05, 2020 - 2:15 p.m.

CVE-2020-5608

2020-08-0514:15:13

CWE-287

[email protected]

web.nvd.nist.gov

cam

centum cs 3000

centum vp

b/m9000cs

b/m9000 vp

remote

authentication

bypass

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.

Affected configurations

Nvd

Node

yokogawacentum_cs_3000Match-

AND

yokogawacentum_cs_3000_firmwareRanger3.08.10–r3.09.50

Node

yokogawacentum_vpMatch-

AND

yokogawacentum_vp_firmwareRanger4.01.00–r4.03.00

yokogawacentum_vp_firmwareRanger5.01.00–r5.04.20

yokogawacentum_vp_firmwareRanger6.01.00–r6.07.00

Node

yokogawab\/m9000csMatch-

AND

yokogawab\/m9000cs_firmwareRanger5.04.01–r5.05.01

Node

yokogawab\/m9000vpMatch-

AND

yokogawab\/m9000vp_firmwareRanger6.01.01–r8.03.01

VendorProductVersionCPE
yokogawacentum_cs_3000-cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
yokogawacentum_cs_3000_firmware*cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*
yokogawacentum_vp-cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
yokogawacentum_vp_firmware*cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
yokogawab\/m9000cs-cpe:2.3:h:yokogawa:b\/m9000cs:-:*:*:*:*:*:*:*
yokogawab\/m9000cs_firmware*cpe:2.3:o:yokogawa:b\/m9000cs_firmware:*:*:*:*:*:*:*:*
yokogawab\/m9000vp-cpe:2.3:h:yokogawa:b\/m9000vp:-:*:*:*:*:*:*:*
yokogawab\/m9000vp_firmware*cpe:2.3:o:yokogawa:b\/m9000vp_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yokogawa	centum_cs_3000	-	cpe:2.3:h:yokogawa:centum_cs_3000:-:::::::*
yokogawa	centum_cs_3000_firmware	*	cpe:2.3:o:yokogawa:centum_cs_3000_firmware::::::::
yokogawa	centum_vp	-	cpe:2.3:h:yokogawa:centum_vp:-:::::::*
yokogawa	centum_vp_firmware	*	cpe:2.3:o:yokogawa:centum_vp_firmware::::::::
yokogawa	b\/m9000cs	-	cpe:2.3:h:yokogawa:b\/m9000cs:-:::::::*
yokogawa	b\/m9000cs_firmware	*	cpe:2.3:o:yokogawa:b\/m9000cs_firmware::::::::
yokogawa	b\/m9000vp	-	cpe:2.3:h:yokogawa:b\/m9000vp:-:::::::*
yokogawa	b\/m9000vp_firmware	*	cpe:2.3:o:yokogawa:b\/m9000vp_firmware::::::::

References

jvn.jp/vu/JVNVU97997181/index.html

web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

Related for NVD:CVE-2020-5608

cve1 cvelist1 nessus2 prion1 ics1