Details of VAR-201405-0456

ID

VAR-201405-0456

CVE

CVE-2014-0782

TITLE

Yokogawa Multiple Product Simulator Management Process Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03050

DESCRIPTION

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet. plural YOKOGAWA Product extended test function package BKESimmgr.exe Contains a stack-based buffer overflow vulnerability.A third party may be able to execute arbitrary code via a crafted packet. The Yokogawa CENTUM CS3000 is a production control system. Yokogawa's multiple product simulator management process has a stack buffer overflow vulnerability due to the Yokogawa CENTUM CS3000 BKESimmgr.exe service failing to properly use memcpy to handle user-submitted special requests, allowing remote attackers to exploit vulnerabilities for buffer overflow attacks, making applications The context executes arbitrary code. Multiple Yokogawa products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with system privileges. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Version 71.02 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.0 and earlier

Trust: 2.7

sources: NVD: CVE-2014-0782 // JVNDB: JVNDB-2014-002535 // CNVD: CNVD-2014-03050 // BID: 67324 // IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-68275

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03050

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum cs 1000 software	scope:	eq	version:	-	Trust: 1.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum cs 1000	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry class	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	lte	version:	3.71.02	Trust: 1.0
vendor:	yokogawa	model:	centum vp software	scope:	lte	version:	4.03.00	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000cs software	scope:	lte	version:	5.05.01	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000cs	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry class software	scope:	lte	version:	3.09.50	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 software	scope:	lte	version:	2.23.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry class software	scope:	lte	version:	5.03.00	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp software	scope:	lte	version:	7.03.01	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry class	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa electric	model:	b/m9000 vp	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000 vp software	scope:	lte	version:	r7.03.01	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000cs	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000cs software	scope:	lte	version:	r5.05.01	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 1000	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 1000 software	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000 entry class	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000 entry class software	scope:	lte	version:	r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000 software	scope:	lte	version:	r2.23.00	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp entry class	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp entry class software	scope:	lte	version:	r5.03.00	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp software	scope:	lte	version:	r4.03.00	Trust: 0.8
vendor:	yokogawa electric	model:	exaopc	scope:	lte	version:	r3.71.02	Trust: 0.8
vendor:	yokogawa electric	model:	cs3000	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000 entry class software	scope:	eq	version:	3.09.50	Trust: 0.6
vendor:	yokogawa	model:	b\/m9000cs software	scope:	eq	version:	5.05.01	Trust: 0.6
vendor:	yokogawa	model:	exaopc	scope:	eq	version:	3.71.02	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000 software	scope:	eq	version:	2.23.00	Trust: 0.6
vendor:	yokogawa	model:	centum vp entry class software	scope:	eq	version:	5.03.00	Trust: 0.6
vendor:	yokogawa	model:	b\/m9000 vp software	scope:	eq	version:	7.03.01	Trust: 0.6
vendor:	yokogawa	model:	centum vp software	scope:	eq	version:	4.03.00	Trust: 0.6
vendor:	yokogawa electric	model:	cs3000	scope:	eq	version:	*	Trust: 0.2

sources: IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03050 // JVNDB: JVNDB-2014-002535 // CNNVD: CNNVD-201405-286 // NVD: CVE-2014-0782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0782
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0782
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-03050
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201405-286
value:	HIGH
Trust: 0.6
IVD:	fb553ac2-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-68275
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0782
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03050
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	fb553ac2-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-68275
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03050 // VULHUB: VHN-68275 // JVNDB: JVNDB-2014-002535 // CNNVD: CNNVD-201405-286 // NVD: CVE-2014-0782

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68275 // JVNDB: JVNDB-2014-002535 // NVD: CVE-2014-0782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-286

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201405-286

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002535

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68275

PATCH

title:	YSAR-14-0001: CENTUM を含む YOKOGAWA 製品に複数のバッファオーバーフローの脆弱性	url:	http://www.yokogawa.co.jp/dcs/security/ysar/YSAR-14-0001.pdf	Trust: 0.8
title:	Yokogawa Multiple Product Simulator Management Process Stack Buffer Overflow Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/45632	Trust: 0.6

sources: CNVD: CNVD-2014-03050 // JVNDB: JVNDB-2014-002535

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0782	Trust: 3.6
db:	ICS CERT	id:	ICSA-14-133-01	Trust: 2.5
db:	BID	id:	67324	Trust: 1.0
db:	CNNVD	id:	CNNVD-201405-286	Trust: 0.9
db:	CNVD	id:	CNVD-2014-03050	Trust: 0.8
db:	ICS CERT	id:	ICSA-14-070-01	Trust: 0.8
db:	JVN	id:	JVNVU98181377	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-002535	Trust: 0.8
db:	EXPLOIT-DB	id:	33331	Trust: 0.7
db:	EXPLOITDB	id:	33331	Trust: 0.6
db:	IVD	id:	FB553AC2-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	126573	Trust: 0.1
db:	SEEBUG	id:	SSVID-86556	Trust: 0.1
db:	VULHUB	id:	VHN-68275	Trust: 0.1

sources: IVD: fb553ac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-03050 // VULHUB: VHN-68275 // BID: 67324 // JVNDB: JVNDB-2014-002535 // CNNVD: CNNVD-201405-286 // NVD: CVE-2014-0782

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-133-01	Trust: 2.5
url:	http://www.yokogawa.com/dcs/security/ysar/ysar-14-0001e.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0782	Trust: 0.8
url:	http://ics-cert.us-cert.gov/advisories/icsa-14-070-01	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98181377/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0782	Trust: 0.8
url:	http://www.exploit-db.com/exploits/33331/	Trust: 0.6
url:	https://community.rapid7.com/community/metasploit/blog/2014/05/09/r7-2013-192-disclosure-yokogawa-centum-cs-3000-vulnerabilities	Trust: 0.6

sources: CNVD: CNVD-2014-03050 // VULHUB: VHN-68275 // JVNDB: JVNDB-2014-002535 // CNNVD: CNNVD-201405-286 // NVD: CVE-2014-0782

CREDITS

juan vazquez

Trust: 0.3

sources: BID: 67324

SOURCES

db:	IVD	id:	fb553ac2-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-03050
db:	VULHUB	id:	VHN-68275
db:	BID	id:	67324
db:	JVNDB	id:	JVNDB-2014-002535
db:	CNNVD	id:	CNNVD-201405-286
db:	NVD	id:	CVE-2014-0782

LAST UPDATE DATE

2024-11-23T22:08:20.207000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03050	date:	2014-07-07T00:00:00
db:	VULHUB	id:	VHN-68275	date:	2014-05-19T00:00:00
db:	BID	id:	67324	date:	2014-05-16T00:51:00
db:	JVNDB	id:	JVNDB-2014-002535	date:	2014-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201405-286	date:	2014-05-19T00:00:00
db:	NVD	id:	CVE-2014-0782	date:	2024-11-21T02:02:47.770

SOURCES RELEASE DATE

db:	IVD	id:	fb553ac2-2351-11e6-abef-000c29c66e3d	date:	2014-05-16T00:00:00
db:	CNVD	id:	CNVD-2014-03050	date:	2014-05-16T00:00:00
db:	VULHUB	id:	VHN-68275	date:	2014-05-16T00:00:00
db:	BID	id:	67324	date:	2014-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-002535	date:	2014-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201405-286	date:	2014-05-19T00:00:00
db:	NVD	id:	CVE-2014-0782	date:	2014-05-16T11:12:00.243