Vulnerability Description
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yokogawa | Exaopc | <= 3.72.00 |
| Yokogawa | B/M9000Cs Software | <= 5.05.01 |
| Yokogawa | B/M9000Cs | - |
| Yokogawa | Centum Vp Entry Class Software | <= 5.03.00 |
| Yokogawa | Centum Vp Entry Class | - |
| Yokogawa | Centum Vp Software | <= 5.03.20 |
| Yokogawa | Centum Vp | - |
| Yokogawa | B/M9000 Vp Software | <= 7.03.01 |
| Yokogawa | B/M9000 Vp | - |
| Yokogawa | Centum Cs 3000 | r3.01 |
| Yokogawa | Centum Cs 3000 Software | <= 2.23.00 |
| Yokogawa | Centum Cs 1000 Software | - |
| Yokogawa | Centum Cs 1000 | - |
| Yokogawa | Centum Cs 3000 Entry Class Software | <= 3.09.50 |
| Yokogawa | Centum Cs 3000 Entry Class | - |
Related Weaknesses (CWE)
References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01 (Third Party Advisory, US Government Resource)
- http://osvdb.org/show/osvdb/108756
- http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-BuffExploit
- http://www.exploit-db.com/exploits/34009
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf (Vendor Advisory)
FAQ
What is CVE-2014-3888?
CVE-2014-3888 is a vulnerability with a CVSS score of 8.3 (HIGH). Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earl...
How severe is CVE-2014-3888?
CVE-2014-3888 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-3888?
Check the references section above for vendor advisories and patch information. Affected products include: Yokogawa Exaopc, Yokogawa B/M9000Cs Software, Yokogawa B/M9000Cs, Yokogawa Centum Vp Entry Class Software, Yokogawa Centum Vp Entry Class.