CVE-2014-0782

Published: May 16, 2014Modified: May 6, 2026

8.3

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:C

Exploitability: 8.6 / Impact: 8.5

Source: NVD

Description

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Affected (15)

Products: Yokogawa: B/m9000cs Software, B/m9000cs, Centum Cs 1000 Software, Centum Cs 1000, Centum Cs 3000 Software, Centum Cs 3000, Centum Cs 3000 Entry Class Software, Centum Cs 3000 Entry Class, Exaopc, B/m9000 Vp Software, B/m9000 Vp, Centum Vp Entry Class Software, Centum Vp Entry Class, Centum Vp Software, Centum Vp

15 products

B/m9000cs Software

Centum Cs 1000 Software

Centum Cs 3000 Software

Centum Cs 3000 Entry Class Software

Centum Cs 3000 Entry Class

B/m9000 Vp Software

Centum Vp Entry Class Software

Centum Vp Entry Class

Centum Vp Software

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa B/m9000cs Software	Up to 5.05.01
Yokogawa B/m9000cs	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Centum Cs 1000 Software	All versions
Yokogawa Centum Cs 1000	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Centum Cs 3000 Software	Up to 2.23.00
Yokogawa Centum Cs 3000	All versions

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Centum Cs 3000 Entry Class Software	Up to 3.09.50
Yokogawa Centum Cs 3000 Entry Class	All versions

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Exaopc	Up to 3.71.02

Configuration F

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa B/m9000 Vp Software	Up to 7.03.01
Yokogawa B/m9000 Vp	All versions

Configuration G

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Centum Vp Entry Class Software	Up to 5.03.00
Yokogawa Centum Vp Entry Class	All versions

Configuration H

2 vulnerable

Vulnerable Software	Affected Versions
Yokogawa Centum Vp Software	Up to 4.03.00
Yokogawa Centum Vp	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (6)

http://www.securityfocus.com/bid/66130

Source: ics-cert@hq.dhs.gov

http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.

Source: ics-cert@hq.dhs.gov

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a

Source: ics-cert@hq.dhs.gov

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.