CVE-2020-5609

high-risk
Published 2020-08-05

Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors.

Do I need to act?

~
4.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Centum Cs 3000 Firmware
Centum Vp Firmware
B\/M9000Cs Firmware
B\/M9000Vp Firmware

Affected Vendors

Yokogawa

References (4)

Third Party Advisory https://jvn.jp/vu/JVNVU97997181/index.html
Vendor Advisory https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf
Third Party Advisory https://jvn.jp/vu/JVNVU97997181/index.html
Vendor Advisory https://web-material3.yokogawa.com/1/29820/files/YSAR-20-0001-E.pdf
50
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 10/34 · Low