Vulnerability Description
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | Centum Cs 3000 | <= r3.09.50 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/66130
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centuExploit
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
- http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01US Government Resource
- http://www.securityfocus.com/bid/66130
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centuExploit
FAQ
What is CVE-2014-0781?
CVE-2014-0781 is a vulnerability with a CVSS score of 9.3 (HIGH). Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
How severe is CVE-2014-0781?
CVE-2014-0781 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0781?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Centum Cs 3000.