← Back

CVE-2020-5608

nvd nist
Published: Aug 5, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.

Affected (6)

Yokogawa
4 products
Centum Cs 3000 Firmware
Centum Vp Firmware
B/m9000cs Firmware
B/m9000vp Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Centum Cs 3000 Firmware
From r3.08.10 to r3.09.50
Running on/withPlatform Versions
Yokogawa
Centum Cs 3000
All versions
Configuration B
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Yokogawa
Centum Vp Firmware
From r4.01.00 to r4.03.00
Centum Vp Firmware
From r5.01.00 to r5.04.20
Centum Vp Firmware
From r6.01.00 to r6.07.00
Running on/withPlatform Versions
Yokogawa
Centum Vp
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
B/m9000cs Firmware
From r5.04.01 to r5.05.01
Running on/withPlatform Versions
Yokogawa
B/m9000cs
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
B/m9000vp Firmware
From r6.01.01 to r8.03.01
Running on/withPlatform Versions
Yokogawa
B/m9000vp
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: vultures@jpcert.or.jp
Third Party Advisory
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.