CVE-2020-5609

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:yokogawa:b\/m9000cs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:b\/m9000cs:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:yokogawa:b\/m9000vp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:yokogawa:b\/m9000vp:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:34

Type Values Removed Values Added
References () https://jvn.jp/vu/JVNVU97997181/index.html - Third Party Advisory () https://jvn.jp/vu/JVNVU97997181/index.html - Third Party Advisory
References () https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf - Vendor Advisory () https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf - Vendor Advisory

Information

Published : 2020-08-05 14:15

Updated : 2024-11-21 05:34


NVD link : CVE-2020-5609

Mitre link : CVE-2020-5609

CVE.ORG link : CVE-2020-5609


JSON object : View

Products Affected

yokogawa

  • centum_vp
  • b\/m9000vp_firmware
  • centum_vp_firmware
  • b\/m9000cs
  • centum_cs_3000
  • b\/m9000cs_firmware
  • centum_cs_3000_firmware
  • b\/m9000vp
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')