QwikSec

Security Database

CVE

CWE

Training

CVE-2014-5208

Published: Dec 22, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A

x_refsource_MISC

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf

x_refsource_CONFIRM

https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.