CVE-2020-5608
published 2020-08-05CVE-2020-5608: CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.59%
72.6th percentile
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | b_m9000cs_firmware | r5.04.01 – r5.05.01 | — |
| yokogawa | b_m9000vp_firmware | r6.01.01 – r8.03.01 | — |
| yokogawa | centum_cs_3000_firmware | r3.08.10 – r3.09.50 | — |
| yokogawa | centum_vp_firmware | r4.01.00 – r4.03.00 | — |
| yokogawa | centum_vp_firmware | r5.01.00 – r5.04.20 | — |
| yokogawa | centum_vp_firmware | r6.01.00 – r6.07.00 | — |
| yokogawa_electric_corporation | cams_for_his | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2020-5608 involves improper authentication in CAMS for HIS component of Yokogawa CENTUM products, allowing a remote unauthenticated attacker to bypass authentication and send tampered/altered communication packets over the network (adjacent network vector). ↗
- →The attack vector is adjacent network (AV:A), meaning exploitation is limited to attackers on the same network segment. Monitor for unexpected or malformed CAMS for HIS protocol traffic originating from unauthorized hosts on the OT/ICS network. ↗
- →No authentication is required to exploit this vulnerability (PR:N/UI:N). Detect unauthenticated sessions or connection attempts to CAMS for HIS services on affected Yokogawa CENTUM systems. ↗
- →No known public exploits specifically target this vulnerability as of the advisory date; however, monitor for anomalous communication patterns to CENTUM CS 3000 and CENTUM VP control system components. ↗
- ·Affected products span multiple version ranges across CENTUM CS 3000, CENTUM VP, B/M9000CS, and B/M9000 VP, as well as Exaopc (added in Update A). Detection logic should account for all listed version ranges. ↗
- ·B/M9000CS and B/M9000 VP are not directly vulnerable but are affected when CENTUM CS 3000 or CENTUM VP is installed on the same PC. Detection and patching scope must include co-installed configurations. ↗
- ·CENTUM CS 3000 (including Entry Class) R3.08.10–R3.09.50 and CENTUM VP R4.01.00–R4.03.00 are end-of-support with no patch available; these systems remain permanently vulnerable unless upgraded. ↗
- ·Exaopc R3.72.00–R3.78.00 was added as an affected product in Update A (January 2021); original advisory scope did not include it. Ensure detection and asset inventory covers this component. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Yokogawa CENTUM (Update A)
cisa_ics·2020-08-11·CVSS 9.8
[CRITICAL] Yokogawa CENTUM (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Yokogawa CENTUM (Update A)
Last RevisedJanuary 05, 2021
Alert CodeICSA-20-224-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: CENTUM
- Vulnerabilities: Improper Authentication, Path Traversal
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-224-01 Yokogawa CENTUM that was published August 11, 2020, on the ICS webpage on us-cert.cisa.gov.
## 3. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote unauth
GHSA
GHSA-c692-7w5j-72mx: CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3
ghsa_unreviewed·2022-05-24
CVE-2020-5608 [HIGH] GHSA-c692-7w5j-72mx: CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-08-05
Published