Vulnerability CVE-2014-3888


Published: 2014-07-10

Description:
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.

See advisories in our WLB2 database:
Topic: Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow (High)
Author: Redsadic
Date: 08.07.2014

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Yokogawa
Product: B/m9000 vp software 
Version: 7.03.01;
Product: B/m9000cs software 
Version: 5.05.01;
Product: Centum vp software 
Version: 5.03.20; 4.03.00;
Product: Centum vp entry class software 
Version: 5.03.00;
Product: Exaopc 
Version: 3.72.00; 3.71.02;
Product: Centum cs 3000 entry class software 
Version: 3.09.50;
Product: Centum cs 3000 software 
Version: 2.23.00;
Product: Centum cs 1000 
Product: Centum cs 1000 software 
Product: Centum cs 3000 entry class 
Product: Centum vp entry class 
Product: B/m9000cs 
Product: Centum cs 3000 
Product: Centum vp 
Product: B/m9000 vp 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:C)

CVSS Base Score: 8.3/10
Impact Subscore: 8.5/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Complete

References:
http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf
http://www.exploit-db.com/exploits/34009
http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html
http://osvdb.org/show/osvdb/108756

Related CVE
CVE-2019-5909
License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypas...
CVE-2018-16196
Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10....
CVE-2018-0651
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earli...
CVE-2018-17902
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions.
CVE-2018-17900
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The web application improperly protects credentials which could allow an attacker to obtain credentials for remote access to controllers.
CVE-2018-17898
Yokogawa STARDOM Controllers FCJ,FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The controller application fails to prevent memory exhaustion by unauthorized requests. This could allow an attacker to cause the controller to become unstable.
CVE-2018-17896
Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify ...
CVE-2018-10592
Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized admin...

Copyright 2019, cxsecurity.com

 
