CVE-2019-5909
published 2019-02-13


Priority P261 · critical · 9.8 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.41% (91.7th percentile)
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.

Affected

5 ranges
Vendor                          Product                                        Version range           Fixed in
yokogawa                        b_m_9000_vp                                    r7.01.01 – r8.02.03     (none listed)
yokogawa                        centum_vp                                      r5.01.00 – r6.06.00     (none listed)
yokogawa                        prm                                            r4.01.00 – r4.02.00     (none listed)
yokogawa                        prosafe-rs                                     r3.01.00 – r4.04.00     (none listed)
yokogawa_electric_corporation   license_manager_service_of_yokogawa_products   (not specified)         (none listed)

Detection & IOCs (extracted from sources)

  • The vulnerability is an unrestricted file upload (CWE-434) in Yokogawa License Manager Service, exploitable remotely with no authentication (PR:N/UI:N). Monitor for unexpected file uploads or new files appearing in directories associated with the License Manager Service process.
  • The attack vector is network-based with high complexity (AV:N/AC:H/PR:N/UI:N). Monitor inbound network traffic to hosts running Yokogawa License Manager Service for anomalous file-transfer activity from untrusted sources.
  • Affected products include CENTUM VP, CENTUM VP Entry Class, ProSafe-RS, PRM, and B/M9000 VP. Identify and inventory all hosts running these products within the specified version ranges as potential targets.
  • The exact network port(s), protocol, and file upload vectors used by the License Manager Service are not publicly disclosed; the exploitation vectors are described as 'unspecified'.
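Because the upload vector is unspecified, the most reliable host-side signal the record points to is the first bullet: new or altered files in the directories the License Manager Service uses. The following is an added example (not part of this CVE record and not Yokogawa's code) of a baseline-and-diff file integrity check that a defender can run on a schedule against those directories. The directory to watch is an assumption supplied by the caller, since the service's install paths are not public; the demo builds a constructed temporary directory so it runs offline.

```python
"""Added example (not from the CVE record): snapshot a directory tree and
report files that appear, change or disappear between two snapshots.
The real License Manager Service directories are not public, so the
directory to watch is an assumption passed in by the caller; the demo
uses a constructed temporary directory."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def snapshot(root: Path) -> Dict[str, str]:
    """Map each regular file under root (POSIX-style relative path) to its SHA-256."""
    snap: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if not p.is_file():  # skip sockets, broken symlinks, etc.
                continue
            h = hashlib.sha256()
            with open(p, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            snap[p.relative_to(root).as_posix()] = h.hexdigest()
    return snap


def diff_snapshots(before: Dict[str, str], after: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (kind, relpath) events, kind in {'new', 'modified', 'removed'},
    ordered by path within each kind so output is stable for alerting."""
    events: List[Tuple[str, str]] = []
    for rel in sorted(after):
        if rel not in before:
            events.append(("new", rel))
        elif after[rel] != before[rel]:
            events.append(("modified", rel))
    for rel in sorted(before):
        if rel not in after:
            events.append(("removed", rel))
    return events


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: baseline a fake service directory, then let an
    unexpected file appear and an existing file change, as the advisory's
    detection guidance describes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "licenses").mkdir()
        (root / "licenses" / "site.lic").write_bytes(b"constructed license blob")
        (root / "lms.log").write_bytes(b"startup ok\n")
        baseline = snapshot(root)
        # simulate the condition to detect: a file arrives that was not in the baseline
        (root / "licenses" / "upload.bin").write_bytes(b"constructed sample content")
        (root / "lms.log").write_bytes(b"startup ok\nrequest handled\n")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, path in demo():
        print(f"ALERT {kind}: {path}")
```

In practice the baseline is taken once after a known-good install or patch, stored outside the monitored host, and compared on each run; "new" events in the service's directories are the ones worth routing to the SOC, while "modified" log files are expected churn and should be allow-listed.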

CVSS provenance

NVD · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD · v2.0 · 10.0 CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C