cbcvebase.
CVE-2020-5609
published 2020-08-05

CVE-2020-5609: Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small…

PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.07%
79.0th percentile
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.

Affected

7 ranges
VendorProductVersion rangeFixed in
yokogawab_m9000cs_firmwarer5.04.01 – r5.05.01
yokogawab_m9000vp_firmwarer6.01.01 – r8.03.01
yokogawacentum_cs_3000_firmwarer3.08.10 – r3.09.50
yokogawacentum_vp_firmwarer4.01.00 – r4.03.00
yokogawacentum_vp_firmwarer5.01.00 – r5.04.20
yokogawacentum_vp_firmwarer6.01.00 – r6.07.00
yokogawa_electric_corporationcams_for_his

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2020-5609 is a path traversal (CWE-22) vulnerability in Yokogawa CENTUM CAMS for HIS component; monitor for directory traversal sequences in network traffic destined to CENTUM CS 3000 / CENTUM VP systems on OT/ICS networks
  • The attack vector is adjacent network (AV:A), unauthenticated (PR:N), no user interaction required — monitor for unexpected file creation or modification events on CENTUM engineering/HIS workstations
  • No known public exploits exist as of advisory publication; treat any exploitation attempt as high-priority given the unauthenticated remote code execution potential via arbitrary file write
  • ·B/M9000CS and B/M9000 VP are not directly vulnerable but become exposed when CENTUM CS 3000 or CENTUM VP is co-installed on the same PC — detection scope must include co-hosted configurations
  • ·CENTUM CS 3000 R3.08.10–R3.09.50 and CENTUM VP R4.01.00–R4.03.00 are end-of-support with no patch available; these systems remain permanently vulnerable unless upgraded
  • ·Exaopc R3.72.00–R3.78.00 was added as an affected product in Update A; original detections scoped only to CENTUM CS 3000/VP may miss Exaopc instances

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.