Vulnerability CVE-2014-0782

Published: 2014-05-16

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.



(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Yokogawa
Product: B/m9000 vp software 
Version: 7.03.01;
Product: B/m9000cs software 
Version: 5.05.01;
Product: Centum vp entry class software 
Version: 5.03.00;
Product: Centum vp software 
Version: 4.03.00;
Product: Exaopc 
Version: 3.71.02;
Product: Centum cs 3000 entry class software 
Version: 3.09.50;
Product: Centum cs 3000 software 
Version: 2.23.00;
Product: Centum cs 3000 entry class 
Product: Centum cs 1000 software 
Product: Centum vp entry class 
Product: B/m9000cs 
Product: Centum cs 3000 
Product: Centum vp 
Product: B/m9000 vp 
Product: Centum cs 1000 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
Exploit range
Attack complexity
No required
Confidentiality impact
Integrity impact
Availability impact


Related CVE
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypas...
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10....
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earli...
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify ...
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized admin...

Copyright 2019,


Back to Top