Remote Code Execution Risk in YOKOGAWA License Manager Service
CVE-2019-5909

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 13 February 2019

Summary

The License Manager Service used in various YOKOGAWA products is vulnerable to unauthorized access, potentially allowing remote attackers to bypass existing access restrictions. This flaw enables malicious users to send unauthorized files to the affected systems, posing significant security risks. It is essential for organizations utilizing these products to implement immediate mitigations to safeguard sensitive information from exploitation.

Affected Version(s)

License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP (R7.01.01 - R8.02.03))

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
