ID

VAR-201403-0447


CVE

CVE-2014-0783


TITLE

Yokogawa CENTUM CS3000 'BKHOdeq.exe' Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01620

DESCRIPTION

Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. The Yokogawa CENTUM CS3000 is a production control system. A stack buffer overflow vulnerability exists in Yokogawa CENTUM CS3000 'BKHOdeq.exe' when processing specially crafted messages. An attacker can exploit this vulnerability by submitting a special request to crash the application or execute arbitrary code. Yokogawa CENTUM CS3000 is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS3000 R3.08.50 is vulnerable; other versions may also be affected. Yokogawa CENTUM CS is a large-scale production control system from Yokogawa Electric Corporation (Yokogawa) of Japan. The system is mainly used in multi-field factories

Trust: 2.7

sources: NVD: CVE-2014-0783 // JVNDB: JVNDB-2014-001655 // CNVD: CNVD-2014-01620 // BID: 66111 // IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68276

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01620

AFFECTED PRODUCTS

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.03

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.08.70

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.08.50

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.09

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.07

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.05

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.08

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.04

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.06

Trust: 1.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.02

Trust: 1.0

vendor: yokogawa // model: centum cs 3000 // scope: lte // version: r3.09.50

Trust: 1.0

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.01

Trust: 1.0

vendor: yokogawa electric // model: centum cs 3000 software // scope: lte // version: r3.09.50

Trust: 0.8

vendor: yokogawa electric // model: centum cs3000 r3.08.50 // scope: - // version: -

Trust: 0.6

vendor: yokogawa // model: centum cs 3000 // scope: eq // version: r3.09.50

Trust: 0.6

vendor: centum cs 3000 // model: r3.01 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.02 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.03 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.04 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.05 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.06 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.07 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.08 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.08.50 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.08.70 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: r3.09 // scope: - // version: -

Trust: 0.2

vendor: centum cs 3000 // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01620 // JVNDB: JVNDB-2014-001655 // CNNVD: CNNVD-201403-252 // NVD: CVE-2014-0783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0783
value: HIGH

Trust: 1.0

NVD: CVE-2014-0783
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-01620
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201403-252
value: CRITICAL

Trust: 0.6

IVD: 28592c0e-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-68276
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-0783
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-01620
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 28592c0e-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-68276
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01620 // VULHUB: VHN-68276 // JVNDB: JVNDB-2014-001655 // CNNVD: CNNVD-201403-252 // NVD: CVE-2014-0783

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-68276 // JVNDB: JVNDB-2014-001655 // NVD: CVE-2014-0783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-252

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-252

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:yokogawa:centum_cs_3000_software"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2014-001655

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68276

PATCH

title: YSAR-14-0001: Multiple buffer overflow vulnerabilities in YOKOGAWA products including CENTUM // url: http://www.yokogawa.co.jp/dcs/security/ysar/YSAR-14-0001.pdf

Trust: 0.8

title: Yokogawa CENTUM CS3000 'BKHOdeq.exe' Patch Buffer Overflow Vulnerability Patch // url: https://www.cnvd.org.cn/patchInfo/show/44223

Trust: 0.6

sources: CNVD: CNVD-2014-01620 // JVNDB: JVNDB-2014-001655

EXTERNAL IDS

db: NVD // id: CVE-2014-0783

Trust: 3.6

db: ICS CERT // id: ICSA-14-070-01

Trust: 2.5

db: BID // id: 66111

Trust: 2.0

db: CNNVD // id: CNNVD-201403-252

Trust: 0.9

db: CNVD // id: CNVD-2014-01620

Trust: 0.8

db: ICS CERT // id: ICSA-14-133-01

Trust: 0.8

db: JVN // id: JVNVU98181377

Trust: 0.8

db: JVNDB // id: JVNDB-2014-001655

Trust: 0.8

db: PACKETSTORM // id: 125649

Trust: 0.6

db: SECUNIA // id: 57303

Trust: 0.6

db: NSFOCUS // id: 26255

Trust: 0.6

db: IVD // id: 28592C0E-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: EXPLOIT-DB // id: 32209

Trust: 0.1

db: SEEBUG // id: SSVID-85508

Trust: 0.1

db: VULHUB // id: VHN-68276

Trust: 0.1

sources: IVD: 28592c0e-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01620 // VULHUB: VHN-68276 // BID: 66111 // JVNDB: JVNDB-2014-001655 // CNNVD: CNNVD-201403-252 // NVD: CVE-2014-0783

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-070-01

Trust: 2.5

url:http://www.securityfocus.com/bid/66111

Trust: 1.1

url:https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0783

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-14-133-01

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98181377/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0783

Trust: 0.8

url:http://packetstormsecurity.com/files/125649/yokogawa-centum-cs-3000-bkhodeq.exe-buffer-overflow.html

Trust: 0.6

url:http://secunia.com/advisories/57303

Trust: 0.6

url:http://www.nsfocus.net/vulndb/26255

Trust: 0.6

sources: CNVD: CNVD-2014-01620 // VULHUB: VHN-68276 // JVNDB: JVNDB-2014-001655 // CNNVD: CNNVD-201403-252 // NVD: CVE-2014-0783

CREDITS

Juan Vazquez

Trust: 0.3

sources: BID: 66111

SOURCES

db: IVD // id: 28592c0e-2352-11e6-abef-000c29c66e3d
db: CNVD // id: CNVD-2014-01620
db: VULHUB // id: VHN-68276
db: BID // id: 66111
db: JVNDB // id: JVNDB-2014-001655
db: CNNVD // id: CNNVD-201403-252
db: NVD // id: CVE-2014-0783

LAST UPDATE DATE

2024-11-23T22:08:20.165000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2014-01620 // date: 2014-03-13T00:00:00
db: VULHUB // id: VHN-68276 // date: 2015-08-05T00:00:00
db: BID // id: 66111 // date: 2014-08-01T00:01:00
db: JVNDB // id: JVNDB-2014-001655 // date: 2014-05-14T00:00:00
db: CNNVD // id: CNNVD-201403-252 // date: 2014-03-18T00:00:00
db: NVD // id: CVE-2014-0783 // date: 2024-11-21T02:02:47.877

SOURCES RELEASE DATE

db: IVD // id: 28592c0e-2352-11e6-abef-000c29c66e3d // date: 2014-03-13T00:00:00
db: CNVD // id: CNVD-2014-01620 // date: 2014-03-13T00:00:00
db: VULHUB // id: VHN-68276 // date: 2014-03-14T00:00:00
db: BID // id: 66111 // date: 2014-03-07T00:00:00
db: JVNDB // id: JVNDB-2014-001655 // date: 2014-03-17T00:00:00
db: CNNVD // id: CNNVD-201403-252 // date: 2014-03-18T00:00:00
db: NVD // id: CVE-2014-0783 // date: 2014-03-14T10:55:05.850