Vulnerability CVE-2014-0782


Published: 2014-05-16

Description:
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVSS Base Score: 8.3/10
Impact Subscore: 8.5/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Complete

Affected software:
Yokogawa -> B/m9000 vp software 
Yokogawa -> B/m9000cs software 
Yokogawa -> Centum cs 1000 software 
Yokogawa -> Centum cs 3000 entry class software 
Yokogawa -> Centum cs 3000 software 
Yokogawa -> Centum vp entry class software 
Yokogawa -> Centum vp software 
Yokogawa -> Exaopc 
Yokogawa -> B/m9000 vp 
Yokogawa -> B/m9000cs 
Yokogawa -> Centum cs 1000 
Yokogawa -> Centum cs 3000 
Yokogawa -> Centum cs 3000 entry class 
Yokogawa -> Centum vp 
Yokogawa -> Centum vp entry class 

 References:
http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Copyright 2024, cxsecurity.com

 
