CVE-2020-5609
Published 2020-08-05
CVE-2020-5609: Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small…
Priority P264 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.07% (79.0th percentile)
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | b_m9000cs_firmware | r5.04.01 – r5.05.01 | — |
| yokogawa | b_m9000vp_firmware | r6.01.01 – r8.03.01 | — |
| yokogawa | centum_cs_3000_firmware | r3.08.10 – r3.09.50 | — |
| yokogawa | centum_vp_firmware | r4.01.00 – r4.03.00 | — |
| yokogawa | centum_vp_firmware | r5.01.00 – r5.04.20 | — |
| yokogawa | centum_vp_firmware | r6.01.00 – r6.07.00 | — |
| yokogawa_electric_corporation | cams_for_his | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-5609 is a path traversal (CWE-22) vulnerability in Yokogawa CENTUM CAMS for HIS component; monitor for directory traversal sequences in network traffic destined to CENTUM CS 3000 / CENTUM VP systems on OT/ICS networks
- The attack vector is adjacent network (AV:A), unauthenticated (PR:N), no user interaction required; monitor for unexpected file creation or modification events on CENTUM engineering/HIS workstations
- No known public exploits exist as of advisory publication; treat any exploitation attempt as high-priority given the unauthenticated remote code execution potential via arbitrary file write
- B/M9000CS and B/M9000 VP are not directly vulnerable but become exposed when CENTUM CS 3000 or CENTUM VP is co-installed on the same PC; detection scope must include co-hosted configurations
- CENTUM CS 3000 R3.08.10–R3.09.50 and CENTUM VP R4.01.00–R4.03.00 are end-of-support with no patch available; these systems remain permanently vulnerable unless upgraded
- Exaopc R3.72.00–R3.78.00 was added as an affected product in Update A; original detections scoped only to CENTUM CS 3000/VP may miss Exaopc instances
CVSS provenance
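| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |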
CISA ICS
Yokogawa CENTUM (Update A)
cisa_ics · 2020-08-11 · CVSS 9.8
[CRITICAL] Yokogawa CENTUM (Update A)
ICS Advisory
## Yokogawa CENTUM (Update A)
Last Revised: January 05, 2021
Alert Code: ICSA-20-224-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.1
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Yokogawa
- Equipment: CENTUM
- Vulnerabilities: Improper Authentication, Path Traversal
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-224-01 Yokogawa CENTUM that was published August 11, 2020, on the ICS webpage on us-cert.cisa.gov.
## 3. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow a remote unauth
GHSA
GHSA-5463-xg53-cjvw: Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3
ghsa_unreviewed · 2022-05-24
CVE-2020-5609 [HIGH] GHSA-5463-xg53-cjvw: Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.