CVE-2019-5909 – This vulnerability allows remote attackers to b... (How to Fix)

Q: What is the severity of CVE-2019-5909?

CVE-2019-5909 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote attackers to bypass access restrictions in YOKOGAWA License Manager Service and send malicious files to the host PC. It affects multiple YOKOGAWA industrial control system products including CENTUM VP, ProSafe-RS, PRM, and B/M9000 VP. Attackers can exploit this without authentication to potentially compromise critical industrial systems.

📋 TL;DR

This vulnerability allows remote attackers to bypass access restrictions in YOKOGAWA License Manager Service and send malicious files to the host PC. It affects multiple YOKOGAWA industrial control system products including CENTUM VP, ProSafe-RS, PRM, and B/M9000 VP. Attackers can exploit this without authentication to potentially compromise critical industrial systems.

💻 Affected Systems

Products:

CENTUM VP
CENTUM VP Entry Class
ProSafe-RS
PRM
B/M9000 VP

Versions: CENTUM VP: R5.01.00 - R6.06.00, CENTUM VP Entry Class: R5.01.00 - R6.06.00, ProSafe-RS: R3.01.00 - R4.04.00, PRM: R4.01.00 - R4.02.00, B/M9000 VP: R7.01.01 - R8.02.03

Operating Systems: Windows (typically used for YOKOGAWA industrial systems)

Default Config Vulnerable: ⚠️ Yes

Notes: Affects License Manager Service component across multiple YOKOGAWA industrial control products; systems must be running the vulnerable versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems leading to process disruption, safety system manipulation, or industrial espionage through remote code execution on critical infrastructure.

🟠

Likely Case

Unauthorized file upload leading to malware deployment, system compromise, or denial of service affecting industrial operations.

🟢

If Mitigated

Limited impact if systems are air-gapped, have strict network segmentation, and proper access controls preventing external connections.

🌐 Internet-Facing: HIGH - CVSS 9.8 indicates critical risk for internet-exposed systems; unauthenticated remote exploitation possible.

🏢 Internal Only: HIGH - Even internally, this allows lateral movement and compromise of critical industrial control systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Vulnerability allows bypassing access restrictions via unspecified vectors; CVSS 9.8 suggests low attack complexity with high impact.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches specified in YOKOGAWA Security Advisory YSAR-19-0001-E

Vendor Advisory: https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf

Restart Required: Yes

Instructions:

1. Download patches from YOKOGAWA support portal. 2. Apply patches according to YOKOGAWA documentation. 3. Restart affected systems. 4. Verify patch installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected systems from untrusted networks using firewalls and network segmentation.

Service Restriction

windows

Restrict network access to License Manager Service ports using host-based firewalls.

netsh advfirewall firewall add rule name="Block YOKOGAWA License Manager" dir=in action=block protocol=TCP localport=[PORT_NUMBER]

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected systems from untrusted networks
Deploy host-based firewalls to restrict access to License Manager Service ports

🔍 How to Verify

Check if Vulnerable:

Check product version against affected ranges; verify License Manager Service is running on vulnerable versions.

Check Version:

Check through YOKOGAWA CENTUM VP/ProSafe-RS/PRM/B/M9000 VP system information panels

Verify Fix Applied:

Verify patch installation through YOKOGAWA management tools; confirm version is outside affected ranges.

📡 Detection & Monitoring

Log Indicators:

Unauthorized connection attempts to License Manager Service
Unexpected file uploads to License Manager directories
Service restart or crash events

Network Indicators:

Unusual traffic to License Manager Service ports from unauthorized sources
File transfer patterns to industrial control systems

SIEM Query:

source="yokogawa_logs" AND (event_type="unauthorized_access" OR service="License Manager" AND status="failed")

📊 Metadata

CVE ID: CVE-2019-5909

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: February 13, 2019

Last Updated: November 21, 2024

🔗 References

http://jvn.jp/vu/JVNVU99147082/index.html Third Party Advisory
http://www.securityfocus.com/bid/106772 Third Party Advisory,VDB Entry
https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf Vendor Advisory
http://jvn.jp/vu/JVNVU99147082/index.html Third Party Advisory
http://www.securityfocus.com/bid/106772 Third Party Advisory,VDB Entry
https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdf Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-5909, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

B\/m 9000 Vp by Yokogawa

Centum Vp by Yokogawa

Centum Vp by Yokogawa

Centum Vp by Yokogawa

Prm by Yokogawa

Prosafe Rs by Yokogawa

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Service Restriction

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities