What is CVE-2014-5208?

CVE-2014-5208 is a vulnerability in Yokogawa Centum_cs_3000, classified under Improper Access Control. Published 2014-12-22.

Is CVE-2014-5208 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Yokogawa Centum_cs_3000

CVE-2014-5208

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers…

EPSS: 0.231 (97.5th percentile) — read the EPSS interpretation.

Affected products

Yokogawa Centum_cs_3000 — versions r3.01, r3.02, r3.03
Yokogawa Centum_vp — versions r5.01.00, r5.01.20, r5.02.00
Yokogawa Exaopc
N/a — versions n/a

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cret@cert.org (US Government Resource, Third Party Advisory, x_refsource_MISC)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
cret@cert.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-5208?: CVE-2014-5208 is a vulnerability in Yokogawa Centum_cs_3000, classified under Improper Access Control. Published 2014-12-22.
Is CVE-2014-5208 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.