CVE-2019-5909
published 2019-02-13CVE-2019-5909: License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00)…
PriorityP261critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
5.41%
91.7th percentile
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | b_m_9000_vp | r7.01.01 – r8.02.03 | — |
| yokogawa | centum_vp | r5.01.00 – r6.06.00 | — |
| yokogawa | prm | r4.01.00 – r4.02.00 | — |
| yokogawa | prosafe-rs | r3.01.00 – r4.04.00 | — |
| yokogawa_electric_corporation | license_manager_service_of_yokogawa_products | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is an unrestricted file upload (CWE-434) in Yokogawa License Manager Service, exploitable remotely with no authentication (PR:N/UI:N). Monitor for unexpected file uploads or new files appearing in directories associated with the License Manager Service process. ↗
- →The attack vector is network-based with high complexity (AV:N/AC:H/PR:N/UI:N). Monitor inbound network traffic to hosts running Yokogawa License Manager Service for anomalous file-transfer activity from untrusted sources. ↗
- →Affected products include CENTUM VP, CENTUM VP Entry Class, ProSafe-RS, PRM, and B/M9000 VP. Identify and inventory all hosts running these products within the specified version ranges as potential targets. ↗
- ·The exact network port(s), protocol, and file upload vectors used by the License Manager Service are not publicly disclosed; exploitation vectors are described as 'unspecified'. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2ph5-q865-h92c: License Manager Service of YOKOGAWA products (CENTUM VP (R5
ghsa_unreviewed·2022-05-13
CVE-2019-5909 [CRITICAL] CWE-287 GHSA-2ph5-q865-h92c: License Manager Service of YOKOGAWA products (CENTUM VP (R5
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.
CISA ICS
Yokogawa License Manager Service
cisa_ics·2019-01-29·CVSS 9.8
[CRITICAL] Yokogawa License Manager Service
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Yokogawa License Manager Service
Last RevisedJanuary 29, 2019
Alert CodeICSA-19-029-01
## 1. EXECUTIVE SUMMARY
-
CVSS v8.1
- ATTENTION: Exploitable remotely
- Vendor: Yokogawa
- Equipment: License Manager Service
- Vulnerability: Unrestricted Upload of Files with Dangerous Type
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to remotely upload files, allowing execution of arbitrary code.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following equipment and versions utilizing the Yokogawa License Manager Service are affe
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-02-13
Published