CVE-2014-5208

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
yokogawaexaopc
𝑥
≤ 3.71.10
yokogawacentum_cs_3000
r3.01
yokogawacentum_cs_3000
r3.02
yokogawacentum_cs_3000
r3.03
yokogawacentum_cs_3000
r3.04
yokogawacentum_cs_3000
r3.05
yokogawacentum_cs_3000
r3.06
yokogawacentum_cs_3000
r3.07
yokogawacentum_cs_3000
r3.08
yokogawacentum_cs_3000
r3.08.50
yokogawacentum_cs_3000
r3.08.70
yokogawacentum_cs_3000
r3.09
yokogawacentum_cs_3000
r3.09.50
yokogawacentum_vp
𝑥
≤ r4.03.00
yokogawacentum_vp
r5.01.00
yokogawacentum_vp
r5.01.20
yokogawacentum_vp
r5.02.00
yokogawacentum_vp
r5.03.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf
https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access
https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf
https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access
https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A