CVE-2014-0782

Yokogawa CS3000 - 'BKESimmgr.exe' Remote Buffer Overflow

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Desbordamiento de buffer basado en pila en BKESimmgr.exe en el paquete Expanded Test Functions en Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 y anteriores, CENTUM VP R5.03.00 y anteriores, CENTUM VP Entry Class R5.03.00 y anteriores, Exaopc R3.71.02 y anteriores, B/M9000CS R5.05.01 y anteriores y B/M9000 VP R7.03.01 y anteriores permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-01-02 CVE Reserved
2014-05-09 CVE Published
2014-05-12 First Exploit
2024-08-06 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (4)

URL	Tag	Source
http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01	Us Government Resource
https://www.rapid7.com/blog/post/2014/05/09/r7-2013-192-disclosure-yokogawa-centum-cs-3000-vulnerabilities

URL	Date	SRC
https://www.exploit-db.com/exploits/33331	2014-05-12

URL	Date	SRC

URL	Date	SRC
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf	2014-03-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Yokogawa Search vendor "Yokogawa"	B\/m9000cs Software Search vendor "Yokogawa" for product "B\/m9000cs Software"	<= 5.05.01 Search vendor "Yokogawa" for product "B\/m9000cs Software" and version " <= 5.05.01"	-	Affected	in	Yokogawa Search vendor "Yokogawa"	B\/m9000cs Search vendor "Yokogawa" for product "B\/m9000cs"	-	-	Affected
Yokogawa Search vendor "Yokogawa"	Centum Cs 1000 Software Search vendor "Yokogawa" for product "Centum Cs 1000 Software"	-	-	Affected	in	Yokogawa Search vendor "Yokogawa"	Centum Cs 1000 Search vendor "Yokogawa" for product "Centum Cs 1000"	-	-	Affected
Yokogawa Search vendor "Yokogawa"	Centum Cs 3000 Software Search vendor "Yokogawa" for product "Centum Cs 3000 Software"	<= 2.23.00 Search vendor "Yokogawa" for product "Centum Cs 3000 Software" and version " <= 2.23.00"	-	Affected	in	Yokogawa Search vendor "Yokogawa"	Centum Cs 3000 Search vendor "Yokogawa" for product "Centum Cs 3000"	-	-	Affected
Yokogawa Search vendor "Yokogawa"	Centum Cs 3000 Entry Class Software Search vendor "Yokogawa" for product "Centum Cs 3000 Entry Class Software"	<= 3.09.50 Search vendor "Yokogawa" for product "Centum Cs 3000 Entry Class Software" and version " <= 3.09.50"	-	Affected	in	Yokogawa Search vendor "Yokogawa"	Centum Cs 3000 Entry Class Search vendor "Yokogawa" for product "Centum Cs 3000 Entry Class"	-	-	Affected
Yokogawa Search vendor "Yokogawa"	B\/m9000 Vp Software Search vendor "Yokogawa" for product "B\/m9000 Vp Software"	<= 7.03.01 Search vendor "Yokogawa" for product "B\/m9000 Vp Software" and version " <= 7.03.01"	-	Affected	in	Yokogawa Search vendor "Yokogawa"	B\/m9000 Vp Search vendor "Yokogawa" for product "B\/m9000 Vp"	-	-	Affected
Yokogawa Search vendor "Yokogawa"	Centum Vp Entry Class Software Search vendor "Yokogawa" for product "Centum Vp Entry Class Software"	<= 5.03.00 Search vendor "Yokogawa" for product "Centum Vp Entry Class Software" and version " <= 5.03.00"	-	Affected	in	Yokogawa Search vendor "Yokogawa"	Centum Vp Entry Class Search vendor "Yokogawa" for product "Centum Vp Entry Class"	-	-	Affected
Yokogawa Search vendor "Yokogawa"	Centum Vp Software Search vendor "Yokogawa" for product "Centum Vp Software"	<= 4.03.00 Search vendor "Yokogawa" for product "Centum Vp Software" and version " <= 4.03.00"	-	Affected	in	Yokogawa Search vendor "Yokogawa"	Centum Vp Search vendor "Yokogawa" for product "Centum Vp"	-	-	Affected
Yokogawa Search vendor "Yokogawa"		Exaopc Search vendor "Yokogawa" for product "Exaopc"				<= 3.71.02 Search vendor "Yokogawa" for product "Exaopc" and version " <= 3.71.02"		-		Affected