Vulnerability Description
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | B/M9000Cs Software | <= 5.05.01 |
| Yokogawa | B/M9000Cs | - |
| Yokogawa | Centum Cs 1000 Software | - |
| Yokogawa | Centum Cs 1000 | - |
| Yokogawa | Centum Cs 3000 Software | <= 2.23.00 |
| Yokogawa | Centum Cs 3000 | - |
| Yokogawa | Centum Cs 3000 Entry Class Software | <= 3.09.50 |
| Yokogawa | Centum Cs 3000 Entry Class | - |
| Yokogawa | Exaopc | <= 3.71.02 |
| Yokogawa | B/M9000 Vp Software | <= 7.03.01 |
| Yokogawa | B/M9000 Vp | - |
| Yokogawa | Centum Vp Entry Class Software | <= 5.03.00 |
| Yokogawa | Centum Vp Entry Class | - |
| Yokogawa | Centum Vp Software | <= 4.03.00 |
| Yokogawa | Centum Vp | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/66130
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centu
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
- http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01 (US Government Resource)
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf (Vendor Advisory)
FAQ
What is CVE-2014-0782?
CVE-2014-0782 is a vulnerability with a CVSS score of 8.3 (HIGH). Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM ...
How severe is CVE-2014-0782?
CVE-2014-0782 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0782?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa B/M9000Cs Software, Yokogawa B/M9000Cs, Yokogawa Centum Cs 1000 Software, Yokogawa Centum Cs 1000, Yokogawa Centum Cs 3000 Software.