CVE-2014-5208 : BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

Published 2014-12-22 17:59:00

Updated 2014-12-22 19:27:04

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2014-5208

Yokogawa » Centum Cs 3000 » Version: R3.07
cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.06
cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.05
cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.04
cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.08.70
cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.08
cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.03
cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.01
cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.09
cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.08.50
cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.02
cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Centum Cs 3000 » Version: R3.09.50
cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Cs 3000 » Version: N/A
Yokogawa » Exaopc
Versions up to, including, (<=) 3.71.10
cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Exaopc » Version: N/A
Yokogawa » Centum Vp
Versions up to, including, (<=) r4.03.00
cpe:2.3:a:yokogawa:centum_vp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Vp » Version: N/A
Yokogawa » Centum Vp » Version: R5.02.00
cpe:2.3:a:yokogawa:centum_vp:r5.02.00:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Vp » Version: N/A
Yokogawa » Centum Vp » Version: R5.03.00
cpe:2.3:a:yokogawa:centum_vp:r5.03.00:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Vp » Version: N/A
Yokogawa » Centum Vp » Version: R5.01.00
cpe:2.3:a:yokogawa:centum_vp:r5.01.00:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Vp » Version: N/A
Yokogawa » Centum Vp » Version: R5.01.20
cpe:2.3:a:yokogawa:centum_vp:r5.01.20:*:*:*:*:*:*:*
Matching versions
When used together with: Yokogawa » Centum Vp » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2014-5208

EPSS FAQ

11.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2014-5208

Yokogawa BKBCopyD.exe Client

Disclosure Date: 2014-08-09

First seen: 2020-04-26

auxiliary/admin/scada/yokogawa_bkbcopyd_client

This module allows an unauthenticated user to interact with the Yokogawa CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR operations. Authors: - Unknown

More information

CVSS scores for CVE-2014-5208

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-5208

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-5208

https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A

Yokogawa CENTUM and Exaopc Vulnerability (Update A) | CISA
Third Party Advisory;US Government Resource
https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access

R7-2014-10 Disclosure: Yokogawa CENTUM CS3000 BKBCopyD.exe File System Access
Exploit
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf

Sitemap | Yokogawa Electric Corporation
Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-5208