CVE-2020-5608
published 2020-08-05

CVE-2020-5608: CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS…

Priority P262 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.59% (72.6th percentile)
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
yokogawa | b_m9000cs_firmware | r5.04.01 – r5.05.01 |
yokogawa | b_m9000vp_firmware | r6.01.01 – r8.03.01 |
yokogawa | centum_cs_3000_firmware | r3.08.10 – r3.09.50 |
yokogawa | centum_vp_firmware | r4.01.00 – r4.03.00 |
yokogawa | centum_vp_firmware | r5.01.00 – r5.04.20 |
yokogawa | centum_vp_firmware | r6.01.00 – r6.07.00 |
yokogawa_electric_corporation | cams_for_his | |

Detection & IOCs (extracted from sources)

  • CVE-2020-5608 involves improper authentication in the CAMS for HIS component of Yokogawa CENTUM products, allowing a remote unauthenticated attacker to bypass authentication and send tampered/altered communication packets over the network (adjacent network vector).
  • The attack vector is adjacent network (AV:A), meaning exploitation is limited to attackers on the same network segment. Monitor for unexpected or malformed CAMS for HIS protocol traffic originating from unauthorized hosts on the OT/ICS network. The NVD vectors listed under CVSS provenance on this page give AV:N.
  • No authentication is required to exploit this vulnerability (PR:N/UI:N). Detect unauthenticated sessions or connection attempts to CAMS for HIS services on affected Yokogawa CENTUM systems.
  • No known public exploits specifically target this vulnerability as of the advisory date; however, monitor for anomalous communication patterns to CENTUM CS 3000 and CENTUM VP control system components.
  • Affected products span multiple version ranges across CENTUM CS 3000, CENTUM VP, B/M9000CS, and B/M9000 VP, as well as Exaopc (added in Update A). Detection logic should account for all listed version ranges.
  • B/M9000CS and B/M9000 VP are not directly vulnerable but are affected when CENTUM CS 3000 or CENTUM VP is installed on the same PC. Detection and patching scope must include co-installed configurations.
  • CENTUM CS 3000 (including Entry Class) R3.08.10–R3.09.50 and CENTUM VP R4.01.00–R4.03.00 are end-of-support with no patch available; these systems remain permanently vulnerable unless upgraded.
  • Exaopc R3.72.00–R3.78.00 was added as an affected product in Update A (January 2021); the original advisory scope did not include it. Ensure detection and asset inventory cover this component.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P