Details of VAR-201403-0448

ID

VAR-201403-0448

CVE

CVE-2014-0784

TITLE

Yokogawa CENTUM CS3000 'BKBCopyD.exe' Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01621

DESCRIPTION

Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet. The Yokogawa CENTUM CS3000 is a production control system. Yokogawa CENTUM CS3000 is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with system privileges. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS3000 R3.08.50 is vulnerable; other versions may also be affected. Yokogawa CENTUM CS is a set of large-scale production control system of Japan Yokogawa Electric Corporation (Yokogawa). The system is mainly used in multi-field factories

Trust: 2.7

sources: NVD: CVE-2014-0784 // JVNDB: JVNDB-2014-001656 // CNVD: CNVD-2014-01621 // BID: 66114 // IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-68277

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01621

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.03	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08.70	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08.50	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.07	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.05	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.04	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.06	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.02	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	lte	version:	r3.09.50	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.01	Trust: 1.0
vendor:	yokogawa electric	model:	centum cs 3000 software	scope:	lte	version:	r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs3000 r3.08.50	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09.50	Trust: 0.6
vendor:	centum cs 3000	model:	r3.01	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.02	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.03	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.04	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.05	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.06	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.07	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.08	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.08.50	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.08.70	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	r3.09	scope:	-	version:	-	Trust: 0.2
vendor:	centum cs 3000	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01621 // JVNDB: JVNDB-2014-001656 // CNNVD: CNNVD-201403-253 // NVD: CVE-2014-0784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0784
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0784
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-01621
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201403-253
value:	HIGH
Trust: 0.6
IVD:	2844bac6-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-68277
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0784
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-01621
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	2844bac6-2352-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68277
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01621 // VULHUB: VHN-68277 // JVNDB: JVNDB-2014-001656 // CNNVD: CNNVD-201403-253 // NVD: CVE-2014-0784

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68277 // JVNDB: JVNDB-2014-001656 // NVD: CVE-2014-0784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201403-253

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201403-253

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001656

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68277

PATCH

title:	YSAR-14-0001: CENTUM を含む YOKOGAWA 製品に複数のバッファオーバーフローの脆弱性	url:	http://www.yokogawa.co.jp/dcs/security/ysar/YSAR-14-0001.pdf	Trust: 0.8
title:	Yokogawa CENTUM CS3000 'BKBCopyD.exe' Stack Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/44226	Trust: 0.6

sources: CNVD: CNVD-2014-01621 // JVNDB: JVNDB-2014-001656

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0784	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-070-01	Trust: 2.5
db:	BID	id:	66114	Trust: 2.0
db:	CNVD	id:	CNVD-2014-01621	Trust: 0.8
db:	CNNVD	id:	CNNVD-201403-253	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-133-01	Trust: 0.8
db:	JVN	id:	JVNVU98181377	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001656	Trust: 0.8
db:	PACKETSTORM	id:	125648	Trust: 0.6
db:	SECUNIA	id:	57303	Trust: 0.6
db:	NSFOCUS	id:	26255	Trust: 0.6
db:	IVD	id:	2844BAC6-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	EXPLOIT-DB	id:	32210	Trust: 0.1
db:	SEEBUG	id:	SSVID-85509	Trust: 0.1
db:	VULHUB	id:	VHN-68277	Trust: 0.1

sources: IVD: 2844bac6-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01621 // VULHUB: VHN-68277 // BID: 66114 // JVNDB: JVNDB-2014-001656 // CNNVD: CNNVD-201403-253 // NVD: CVE-2014-0784

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-070-01	Trust: 2.5
url:	http://www.securityfocus.com/bid/66114	Trust: 1.1
url:	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0784	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-14-133-01	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98181377/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0784	Trust: 0.8
url:	http://packetstormsecurity.com/files/125648/yokogawa-centum-cs-3000-bkbcopyd.exe-buffer-overflow.html	Trust: 0.6
url:	http://secunia.com/advisories/57303	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/26255	Trust: 0.6

sources: CNVD: CNVD-2014-01621 // VULHUB: VHN-68277 // JVNDB: JVNDB-2014-001656 // CNNVD: CNNVD-201403-253 // NVD: CVE-2014-0784

CREDITS

juan vazquez

Trust: 0.3

sources: BID: 66114

SOURCES

db:	IVD	id:	2844bac6-2352-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-01621
db:	VULHUB	id:	VHN-68277
db:	BID	id:	66114
db:	JVNDB	id:	JVNDB-2014-001656
db:	CNNVD	id:	CNNVD-201403-253
db:	NVD	id:	CVE-2014-0784

LAST UPDATE DATE

2024-11-23T22:08:20.289000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-01621	date:	2014-03-13T00:00:00
db:	VULHUB	id:	VHN-68277	date:	2015-08-05T00:00:00
db:	BID	id:	66114	date:	2014-08-01T00:01:00
db:	JVNDB	id:	JVNDB-2014-001656	date:	2014-05-14T00:00:00
db:	CNNVD	id:	CNNVD-201403-253	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-0784	date:	2024-11-21T02:02:47.997

SOURCES RELEASE DATE

db:	IVD	id:	2844bac6-2352-11e6-abef-000c29c66e3d	date:	2014-03-13T00:00:00
db:	CNVD	id:	CNVD-2014-01621	date:	2014-03-13T00:00:00
db:	VULHUB	id:	VHN-68277	date:	2014-03-14T00:00:00
db:	BID	id:	66114	date:	2014-03-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-001656	date:	2014-03-17T00:00:00
db:	CNNVD	id:	CNNVD-201403-253	date:	2014-03-18T00:00:00
db:	NVD	id:	CVE-2014-0784	date:	2014-03-14T10:55:05.863