Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0782

Overview

Vulnerability Score 8.3 8.3
CVE Id CVE-2014-0782
Last Modified 19 May 2014 10:57:56
Published 16 May 2014 07:12:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0782

Summary

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Vulnerable Systems

Application

  • Yokogawa B%2fm9000 Vp Software 7.03.01

  • Yokogawa B%2fm9000cs Software 5.05.01

  • Yokogawa Centum Cs 1000 Software -

  • Yokogawa Centum Cs 3000 Entry Class Software 3.09.50

  • Yokogawa Centum Cs 3000 Software 2.23.00

  • Yokogawa Centum Vp Entry Class Software 5.03.00

  • Yokogawa Centum Vp Software 4.03.00

  • Yokogawa Exaopc 3.71.02


References

MISC - http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01

CONFIRM - http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf


Last Updated: 27 May 2016 11:05:18