Details of VAR-201403-0445

ID

VAR-201403-0445

CVE

CVE-2014-0781

TITLE

Yokogawa CENTUM CS Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01753

DESCRIPTION

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. Yokogawa CENTUM CS 3000 is a new generation of distributed control system, DCS system with WINDOWS XP as the operating platform. When the Yokogawa CENTUM CS 3000 processes the inbound message, the modules \"BKCLogSvr.exe\", \"BKHOdeq.exe\", \"BKBCopyD.exe\" have errors, and the malicious user sends the message to UDP port 52302, TCP port 20171, TCP port 20111. A specially crafted packet that an attacker can exploit to cause a heap buffer overflow. Yokogawa CENTUM CS3000 is prone to a heap-based buffer-overflow vulnerability. Successful exploits will allow attackers to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution is also possible. Yokogawa CENTUM CS3000 R3.08.50 is vulnerable; other versions may also be affected. Yokogawa CENTUM CS is a set of large-scale production control system of Japan Yokogawa Electric Corporation (Yokogawa). The system is mainly used in multi-field factories

Trust: 2.7

sources: NVD: CVE-2014-0781 // JVNDB: JVNDB-2014-001654 // CNVD: CNVD-2014-01753 // BID: 66130 // IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68274

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01753

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.03	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08.70	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08.50	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.07	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.05	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.04	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.06	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.02	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	lte	version:	r3.09.50	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.01	Trust: 1.0
vendor:	yokogawa electric	model:	centum cs 3000 software	scope:	lte	version:	r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs3000 r3.09.50	scope:	lte	version:	<=	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09.50	Trust: 0.6
vendor:	centum cs 3000	model:	r3.01	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.02	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.03	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.04	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.05	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.06	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.07	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.08	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.08.50	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.08.70	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.09	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01753 // JVNDB: JVNDB-2014-001654 // CNNVD: CNNVD-201403-251 // NVD: CVE-2014-0781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0781
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0781
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01753
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201403-251
value:	CRITICAL
Trust: 0.6
IVD:	285cd4bc-2352-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-68274
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0781
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01753
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	285cd4bc-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68274
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01753 // VULHUB: VHN-68274 // JVNDB: JVNDB-2014-001654 // CNNVD: CNNVD-201403-251 // NVD: CVE-2014-0781

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68274 // JVNDB: JVNDB-2014-001654 // NVD: CVE-2014-0781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-251

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001654

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68274

PATCH

title:	YSAR-14-0001: CENTUM を含む YOKOGAWA 製品に複数のバッファオーバーフローの脆弱性	url:	http://www.yokogawa.co.jp/dcs/security/ysar/YSAR-14-0001.pdf	Trust: 0.8
title:	Patch for Yokogawa CENTUM CS Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/44339	Trust: 0.6

sources: CNVD: CNVD-2014-01753 // JVNDB: JVNDB-2014-001654

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0781	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-070-01	Trust: 2.5
db:	BID	id:	66130	Trust: 2.0
db:	CNNVD	id:	CNNVD-201403-251	Trust: 0.9
db:	CNVD	id:	CNVD-2014-01753	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-133-01	Trust: 0.8
db:	JVN	id:	JVNVU98181377	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001654	Trust: 0.8
db:	SECUNIA	id:	57303	Trust: 0.6
db:	NSFOCUS	id:	26255	Trust: 0.6
db:	IVD	id:	285CD4BC-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-68274	Trust: 0.1

sources: IVD: 285cd4bc-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01753 // VULHUB: VHN-68274 // BID: 66130 // JVNDB: JVNDB-2014-001654 // CNNVD: CNNVD-201403-251 // NVD: CVE-2014-0781

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-070-01	Trust: 2.5
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0781	Trust: 1.4
url:	http://www.securityfocus.com/bid/66130	Trust: 1.1
url:	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0781	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-14-133-01	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98181377/index.html	Trust: 0.8
url:	http://secunia.com/advisories/57303	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/26255	Trust: 0.6

sources: CNVD: CNVD-2014-01753 // VULHUB: VHN-68274 // JVNDB: JVNDB-2014-001654 // CNNVD: CNNVD-201403-251 // NVD: CVE-2014-0781

CREDITS

juan vazquez

Trust: 0.3

sources: BID: 66130

SOURCES

db:	IVD	id:	285cd4bc-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01753
db:	VULHUB	id:	VHN-68274
db:	BID	id:	66130
db:	JVNDB	id:	JVNDB-2014-001654
db:	CNNVD	id:	CNNVD-201403-251
db:	NVD	id:	CVE-2014-0781

LAST UPDATE DATE

2024-11-23T22:08:20.248000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01753	date:	2014-07-07T00:00:00
db:	VULHUB	id:	VHN-68274	date:	2015-08-05T00:00:00
db:	BID	id:	66130	date:	2014-10-13T00:01:00
db:	JVNDB	id:	JVNDB-2014-001654	date:	2014-05-14T00:00:00
db:	CNNVD	id:	CNNVD-201403-251	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-0781	date:	2024-11-21T02:02:47.663

SOURCES RELEASE DATE

db:	IVD	id:	285cd4bc-2352-11e6-abef-000c29c66e3d	date:	2014-03-18T00:00:00
db:	CNVD	id:	CNVD-2014-01753	date:	2014-03-18T00:00:00
db:	VULHUB	id:	VHN-68274	date:	2014-03-14T00:00:00
db:	BID	id:	66130	date:	2014-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2014-001654	date:	2014-03-17T00:00:00
db:	CNNVD	id:	CNNVD-201403-251	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-0781	date:	2014-03-14T10:55:05.817