CVE-2019-5909

License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors.

Published: Feb 13, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-5909
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
yokogawa / b/m_9000_vp	r7.01.01	r8.02.03.x
yokogawa / prm	r4.01.00	r4.02.00.x
yokogawa / prosafe-rs	r3.01.00	r4.04.00.x
yokogawa / centum_vp	r5.01.00	r6.06.00.x

http://jvn.jp/vu/JVNVU99147082/index.html
http://www.securityfocus.com/bid/106772
https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf

Vulnerability Database

289,871

CVE-2019-5909