Unrestricted upload of file with dangerous type in Yokogawa products - CVE-2019-5909
Published: January 30, 2019
Vulnerability identifier: #VU17276
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5909
CWE-ID: CWE-434
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Yokogawa
Affected software:
CENTUM VP
B/M9000 VP
ProSafe-RS
PRM
CENTUM VP Entry Class
CENTUM VP
B/M9000 VP
ProSafe-RS
PRM
CENTUM VP Entry Class
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The weakness exists due to improper restriction of the upload of potentially malicious files when multiple Yokogawa products utilize a service intended to verify the validity of licensed products being utilized. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to improper restriction of the upload of potentially malicious files when multiple Yokogawa products utilize a service intended to verify the validity of licensed products being utilized. A remote attacker can supply a specially crafted input and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2019-5909
Update the affected products to the latest versions.