CVE-2014-0782

EPSS 39.78%
Published 16.05.2014 11:12:00
Last modified 25.09.2025 18:15:35
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Affected products Warnungen 0 Metrics 3 CWE 2 References 9

Data is provided by the National Vulnerability Database (NVD)

Yokogawa ≫ Centum Cs 1000 Software Version-

Yokogawa ≫ Centum Cs 1000 Version-

Yokogawa ≫ Centum Cs 3000 Software Version <= 2.23.00

Yokogawa ≫ Centum Cs 3000 Version-

Yokogawa ≫ Centum Cs 3000 Entry Class Software Version <= 3.09.50

Yokogawa ≫ Centum Cs 3000 Entry Class Version-

Yokogawa ≫ Exaopc Version <= 3.71.02

Yokogawa ≫ Centum Vp Entry Class Software Version <= 5.03.00

Yokogawa ≫ Centum Vp Entry Class Version-

Yokogawa ≫ Centum Vp Software Version <= 4.03.00

Yokogawa ≫ Centum Vp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	39.78%	0.972

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.3	8.6	8.5	AV:N/AC:M/Au:N/C:P/I:P/A:C
ics-cert@hq.dhs.gov	8.3	8.6	8.5	AV:N/AC:M/Au:N/C:P/I:P/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://www.securityfocus.com/bid/66130

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01

US Government Resource

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Vendor Advisory

http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.

https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a

https://nvd.nist.gov/vuln/detail/CVE-2014-0782

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0782

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0782

EUVD