Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-5208
HistoryDec 22, 2014 - 5:59 p.m.

CVE-2014-5208

2014-12-2217:59:00
CWE-284
[email protected]
web.nvd.nist.gov
23
cve-2014-5208
yokogawa centum
batch management
authentication bypass
remote attack
file read
file write
information disclosure

6.3 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.254 Low

EPSS

Percentile

96.7%

JSON

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

Affected configurations

NVD
Node
yokogawaexaopcRange3.71.10
AND
yokogawaexaopcMatch-
Node
yokogawacentum_cs_3000Matchr3.01
OR
yokogawacentum_cs_3000Matchr3.02
OR
yokogawacentum_cs_3000Matchr3.03
OR
yokogawacentum_cs_3000Matchr3.04
OR
yokogawacentum_cs_3000Matchr3.05
OR
yokogawacentum_cs_3000Matchr3.06
OR
yokogawacentum_cs_3000Matchr3.07
OR
yokogawacentum_cs_3000Matchr3.08
OR
yokogawacentum_cs_3000Matchr3.08.50
OR
yokogawacentum_cs_3000Matchr3.08.70
OR
yokogawacentum_cs_3000Matchr3.09
OR
yokogawacentum_cs_3000Matchr3.09.50
AND
yokogawacentum_cs_3000Match-
Node
yokogawacentum_vpRanger4.03.00
OR
yokogawacentum_vpMatchr5.01.00
OR
yokogawacentum_vpMatchr5.01.20
OR
yokogawacentum_vpMatchr5.02.00
OR
yokogawacentum_vpMatchr5.03.00
AND
yokogawacentum_vpMatch-

Related

ics 3
prion 2
nvd 2
cvelist 2
nessus 4
cve 1
checkpoint_advisories 1
ics
ics
Yokogawa CENTUM and Exaopc Vulnerability (Update A)
2018-09-05 12:00:00
Yokogawa Multiple Products Vulnerabilities
2018-09-06 12:00:00
Yokogawa CENTUM CS 3000 Vulnerabilities (Update A)
2018-09-06 12:00:00
prion
prion
Authentication flaw
2014-12-22 17:59:00
Stack overflow
2014-03-14 10:55:00
nvd
nvd
CVE-2014-5208
2014-12-22 17:59:00
CVE-2014-0784
2014-03-14 10:55:05
cvelist
cvelist
CVE-2014-5208
2014-12-22 17:00:00
CVE-2014-0784
2014-03-14 10:00:00
nessus
nessus
Yokogawa Exaopc Improper Access Control
2019-11-08 00:00:00
Yokogawa (CVE-2014-5208) (deprecated)
2022-02-07 00:00:00
Yokogawa Centum Improper Restriction of Operations within the Bounds of a Memory Buffer
2019-11-08 00:00:00
cve
cve
CVE-2014-0784
2014-03-14 10:55:05
checkpoint_advisories
checkpoint_advisories
Yokogawa CENTUM CS 3000 SCADA Buffer Overflow (CVE-2014-0784)
2014-05-14 00:00:00

6.3 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.254 Low

EPSS

Percentile

96.7%

JSON
Related for CVE-2014-5208
ics3prion2nvd2cvelist2nessus4cve1checkpoint_advisories1