CVE-2014-0781
critical
CVSS v3
—
CVSS v2
9.3
VIR risk
9.3
Description
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| yokogawa | centum_cs_3000 | {"endIncluding":"r3.09.50"} | |
| yokogawa | centum_cs_3000 | r3.01 | |
| yokogawa | centum_cs_3000 | r3.02 | |
| yokogawa | centum_cs_3000 | r3.03 | |
| yokogawa | centum_cs_3000 | r3.04 | |
| yokogawa | centum_cs_3000 | r3.05 | |
| yokogawa | centum_cs_3000 | r3.06 | |
| yokogawa | centum_cs_3000 | r3.07 | |
| yokogawa | centum_cs_3000 | r3.08 | |
| yokogawa | centum_cs_3000 | r3.08.50 | |
| yokogawa | centum_cs_3000 | r3.08.70 | |
| yokogawa | centum_cs_3000 | r3.09 | |
References
- http://www.securityfocus.com/bid/66130
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
- http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01
- http://www.securityfocus.com/bid/66130
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
CWEs
CWE-122 CWE-119
Verify integrity in audit chain (admin only). AS-IS.