10

CVE-2015-5626

EPSS 1.02%
Published 05.02.2020 19:15:10
Last modified 21.11.2024 02:33:26
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Yokogawa ≫ Centum Cs 1000 Firmware Version <= r3.08.70

Yokogawa ≫ Centum Cs 1000 Version-

Yokogawa ≫ Centum Cs 3000 Firmware Version <= r3.09.50

Yokogawa ≫ Centum Cs 3000 Version-

Yokogawa ≫ Centum Cs 3000 Entry Firmware Version <= r3.09.50

Yokogawa ≫ Centum Cs 3000 Entry Version-

Yokogawa ≫ Centum Vp Firmware Version <= r5.04.20

Yokogawa ≫ Centum Vp Version-

Yokogawa ≫ Centum Vp Entry Firmware Version <= r5.04.20

Yokogawa ≫ Centum Vp Entry Version-

Yokogawa ≫ Prosafe-rs Firmware Version <= r3.02.10

Yokogawa ≫ Prosafe-rs Version-

Yokogawa ≫ Exaopc Version <= r3.72.00

Yokogawa ≫ Exapilot Version <= r3.96.10

Yokogawa ≫ Exaplog Version <= r3.40.00

Yokogawa ≫ Exaquantum Version <= r2.85.00

Yokogawa ≫ Exaquantum/batch Version <= r2.50.30

Yokogawa ≫ Exarqe Version <= r4.03.20

Yokogawa ≫ Exasmoc Version <= r4.03.20

Yokogawa ≫ Field Wireless Device Opc Server Version <= r2.01.02

Yokogawa ≫ Field Wireless Device Opc Server Version-

Yokogawa ≫ Plant Resource Manager Version <= r3.12.00

Yokogawa ≫ Scada Software (fast/tools) Version <= r10.01

Yokogawa ≫ Versatile Data Server Software Version <= r7.30.01

Yokogawa ≫ B/m9000cs Firmware Version <= r5.05.01

Yokogawa ≫ B/m9000cs Version-

Yokogawa ≫ B/m9000 Vp Firmware Version <= r7.03.04

Yokogawa ≫ B/m9000 Vp Version-

Yokogawa ≫ Fieldmate Versionr1.01

Yokogawa ≫ Fieldmate Versionr1.02

Yokogawa ≫ Stardom Opc Server SwPlatformwindows Version <= r3.40

Yokogawa ≫ Stardom Opc Server Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.02%	0.752

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf

Not Applicable

https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2015-5626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-5626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-5626

EUVD