PT-2019-1290 · Yokogawa · Yokogawa Prosafe-Rs+4

Published: 2019-01-25 · Updated: 2020-08-24 · CVE-2019-5909

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

YOKOGAWA CENTUM VP versions R5.01.00 through R6.06.00
YOKOGAWA CENTUM VP Entry Class versions R5.01.00 through R6.06.00
YOKOGAWA ProSafe-RS versions R3.01.00 through R4.04.00
YOKOGAWA PRM versions R4.01.00 through R4.02.00
YOKOGAWA B/M9000 VP versions R7.01.01 through R8.02.03

Description

The issue allows remote attackers to bypass access restrictions and send malicious files to the PC where the License Manager Service runs. This can be achieved via unspecified vectors. The vulnerability is related to errors in checking uploaded files, which can allow an attacker to execute arbitrary code using a specially crafted file.

Recommendations

For YOKOGAWA CENTUM VP versions R5.01.00 through R6.06.00, consider disabling the License Manager Service until a patch is available.
For YOKOGAWA CENTUM VP Entry Class versions R5.01.00 through R6.06.00, restrict access to the License Manager Service to minimize the risk of exploitation.
For YOKOGAWA ProSafe-RS versions R3.01.00 through R4.04.00, avoid using the License Manager Service for file uploads until the issue is resolved.
For YOKOGAWA PRM versions R4.01.00 through R4.02.00, temporarily disable the License Manager Service to prevent potential attacks.
For YOKOGAWA B/M9000 VP versions R7.01.01 through R8.02.03, consider implementing additional security measures to prevent malicious file uploads.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication
Unrestricted File Upload

Related Identifiers

BDU:2019-00513
CVE-2019-5909

Affected Products

Yokogawa B/M9000 Vp
Yokogawa Centum Vp
Yokogawa Centum Vp Entry Class
Yokogawa Prm
Yokogawa Prosafe-Rs