Skip to main content

Exaopc CVE-2014-5208

HIGH
Improper Access Control (CWE-284)
2014-12-22 cret@cert.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 22, 2014 - 17:59 cve.org
HIGH 7.5

DescriptionCVE.org

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

AnalysisAI

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-284. BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784. Affected products include: Yokogawa Exaopc, Yokogawa Centum Cs 3000, Yokogawa Centum Vp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Exaopc

View all
CVE-2014-0782 HIGH POC
8.3 May 16

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM C

CVE-2014-3888 HIGH POC
8.3 Jul 10

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM V

CVE-2022-23402 CRITICAL
9.8 Mar 11

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5

CVE-2022-21194 CRITICAL
9.8 Mar 11

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial c

CVE-2022-30707 HIGH
8.8 Jun 28

Violation of secure design principles exists in the communication of CAMS for HIS. Rated high severity (CVSS 8.8), this

CVE-2022-22729 HIGH
8.8 Mar 11

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets.

CVE-2022-21808 HIGH
8.8 Mar 11

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM

CVE-2022-22151 HIGH
8.1 Mar 11

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs:

CVE-2022-22145 HIGH
8.1 Mar 11

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource con

CVE-2022-21177 HIGH
8.1 Mar 11

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products

CVE-2023-26593 HIGH
7.8 Apr 11

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. Ra

CVE-2022-23401 HIGH
7.8 Mar 11

The following Yokogawa Electric products contain insecure DLL loading issues. Rated high severity (CVSS 7.8), this vulne

Share

CVE-2014-5208 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy