Vulnerability Description
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVSS Score
8.3
HIGH
AV:N/AC:M/Au:N/C:P/I:P/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | Centum Cs 3000 | <= r3.09.50 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/66130
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centuExploit
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
- http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/66114Exploit
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centuExploit
FAQ
What is CVE-2014-0784?
CVE-2014-0784 is a vulnerability with a CVSS score of 8.3 (HIGH). Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
How severe is CVE-2014-0784?
CVE-2014-0784 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0784?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Centum Cs 3000.