Details of VAR-201407-0492

ID

VAR-201407-0492

CVE

CVE-2014-3888

TITLE

Yokogawa Multiple products 'BKFSim_vhfd.exe' Buffer Overflow Vulnerability

Trust: 1.2

sources: IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // CNVD: CNVD-2014-04231

DESCRIPTION

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Integrated production control system provided by Yokogawa Electric Corporation CENTUM Including multiple YOKOGAWA The product contains a buffer overflow vulnerability. This vulnerability JVNVU#98181377 Is different. JVNVU#98181377 http://jvn.jp/vu/JVNVU98181377/index.htmlIf a specially crafted packet is processed while the extended test function is running, the process may stop. In some cases, arbitrary code may be executed with the privileges of the user running the product. Yokogawa Corporation (YOKOGAWA) is a world-renowned leader in measurement, industrial automation control, and information systems. There are buffer overflow vulnerabilities in Yokogawa's multiple products 'BKFSim_vhfd.exe'. Since the sub_403E10\" (IDA notation) function in multiple YOKOGAWA products \"BKFSim_vhfd.exe\" service is used for logging functions, the function uses user controllable data to create logs. Using similar vsprintf and memcpy functions can cause an attacker to trigger a buffer overflow, which can crash an application or execute arbitrary code in the context of an application. Multiple Yokogawa Products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed attempts will likely cause a denial-of-service condition. Yokogawa CENTUM CS, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Yokogawa CENTUM CS and CENTUM VP are large-scale production control systems. Exaopc is an OPC data access server

Trust: 3.06

sources: NVD: CVE-2014-3888 // JVNDB: JVNDB-2014-003164 // CNVD: CNVD-2014-04231 // BID: 68428 // IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // VULHUB: VHN-71828

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // CNVD: CNVD-2014-04231

AFFECTED PRODUCTS

vendor:	yokogawa	model:	centum cs 1000 software	scope:	eq	version:	-	Trust: 1.6
vendor:	yokogawa	model:	centum vp software	scope:	eq	version:	4.03.00	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	lte	version:	3.72.00	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry class	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum cs 1000	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	centum vp software	scope:	lte	version:	5.03.20	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000cs software	scope:	lte	version:	5.05.01	Trust: 1.0
vendor:	yokogawa	model:	centum vp entry class software	scope:	lte	version:	5.03.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 software	scope:	lte	version:	2.23.00	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry class software	scope:	lte	version:	3.09.50	Trust: 1.0
vendor:	yokogawa	model:	centum vp	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000 vp software	scope:	lte	version:	7.03.01	Trust: 1.0
vendor:	yokogawa	model:	exaopc	scope:	eq	version:	3.71.02	Trust: 1.0
vendor:	yokogawa	model:	centum cs 3000 entry class	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa	model:	b\/m9000cs	scope:	eq	version:	-	Trust: 1.0
vendor:	yokogawa electric	model:	b/m9000 vp	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000 vp software	scope:	lte	version:	r7.03.01	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000cs	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	b/m9000cs software	scope:	lte	version:	r5.05.01	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 1000	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 1000 software	scope:	-	version:	-	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000	scope:	eq	version:	none	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000	scope:	eq	version:	small	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000 entry class software	scope:	lte	version:	r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum cs 3000 software	scope:	lte	version:	r3.09.50	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	eq	version:	none	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	eq	version:	basic	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp	scope:	eq	version:	small	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp entry class software	scope:	lte	version:	r5.03.20	Trust: 0.8
vendor:	yokogawa electric	model:	centum vp software	scope:	lte	version:	r5.03.20	Trust: 0.8
vendor:	yokogawa electric	model:	exaopc	scope:	lte	version:	72.00	Trust: 0.8
vendor:	exaopc	model:	-	scope:	eq	version:	3.71.02	Trust: 0.6
vendor:	exaopc	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	yokogawa electric	model:	cs3000	scope:	-	version:	-	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08.70	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000 entry class software	scope:	eq	version:	3.09.50	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08.50	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000 software	scope:	eq	version:	2.23.00	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.07	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.09.50	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.08	Trust: 0.6
vendor:	yokogawa	model:	centum cs 3000	scope:	eq	version:	r3.06	Trust: 0.6

sources: IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // CNVD: CNVD-2014-04231 // JVNDB: JVNDB-2014-003164 // CNNVD: CNNVD-201407-258 // NVD: CVE-2014-3888

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3888
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2014-003164
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-04231
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201407-258
value:	HIGH
Trust: 0.6
IVD:	aef169b2-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	e7929a0c-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	7d758acf-463f-11e9-86c9-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-71828
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3888
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2014-003164
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-04231
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	aef169b2-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	e7929a0c-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d758acf-463f-11e9-86c9-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-71828
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // CNVD: CNVD-2014-04231 // VULHUB: VHN-71828 // JVNDB: JVNDB-2014-003164 // CNNVD: CNNVD-201407-258 // NVD: CVE-2014-3888

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-71828 // JVNDB: JVNDB-2014-003164 // NVD: CVE-2014-3888

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-258

TYPE

Buffer overflow

Trust: 1.2

sources: IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // CNNVD: CNNVD-201407-258

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003164

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-71828

PATCH

title:

横河電機株式会社の告知ページ

url:

http://www.yokogawa.co.jp/dcs/security/ysar/dcs-ysar-index-ja.htm

Trust: 0.8

sources: JVNDB: JVNDB-2014-003164

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3888	Trust: 4.0
db:	ICS CERT	id:	ICSA-14-189-01	Trust: 2.5
db:	CNNVD	id:	CNNVD-201407-258	Trust: 1.3
db:	CNVD	id:	CNVD-2014-04231	Trust: 1.2
db:	PACKETSTORM	id:	127382	Trust: 1.1
db:	EXPLOIT-DB	id:	34009	Trust: 1.1
db:	OSVDB	id:	108756	Trust: 1.1
db:	BID	id:	68428	Trust: 1.0
db:	JVN	id:	JVNVU95045914	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-003164	Trust: 0.8
db:	IVD	id:	AEF169B2-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	E7929A0C-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D758ACF-463F-11E9-86C9-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-71828	Trust: 0.1

sources: IVD: aef169b2-2351-11e6-abef-000c29c66e3d // IVD: e7929a0c-2351-11e6-abef-000c29c66e3d // IVD: 7d758acf-463f-11e9-86c9-000c29342cb1 // CNVD: CNVD-2014-04231 // VULHUB: VHN-71828 // BID: 68428 // JVNDB: JVNDB-2014-003164 // CNNVD: CNNVD-201407-258 // NVD: CVE-2014-3888

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-189-01	Trust: 2.5
url:	http://www.yokogawa.com/dcs/security/ysar/ysar-14-0002e.pdf	Trust: 1.7
url:	http://www.exploit-db.com/exploits/34009	Trust: 1.1
url:	http://packetstormsecurity.com/files/127382/yokogawa-cs3000-bkfsim_vhfd.exe-buffer-overflow.html	Trust: 1.1
url:	http://osvdb.org/show/osvdb/108756	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3888	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95045914/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3888	Trust: 0.8
url:	https://community.rapid7.com/community/metasploit/blog/2014/07/07/r7-2014-06-disclosure-yokogawa-centum-cs-3000-bkfsimvhfdexe-buffer-overflow	Trust: 0.6

sources: CNVD: CNVD-2014-04231 // VULHUB: VHN-71828 // JVNDB: JVNDB-2014-003164 // CNNVD: CNNVD-201407-258 // NVD: CVE-2014-3888

CREDITS

juan vazquez

Trust: 0.3

sources: BID: 68428

SOURCES

db:	IVD	id:	aef169b2-2351-11e6-abef-000c29c66e3d
db:	IVD	id:	e7929a0c-2351-11e6-abef-000c29c66e3d
db:	IVD	id:	7d758acf-463f-11e9-86c9-000c29342cb1
db:	CNVD	id:	CNVD-2014-04231
db:	VULHUB	id:	VHN-71828
db:	BID	id:	68428
db:	JVNDB	id:	JVNDB-2014-003164
db:	CNNVD	id:	CNNVD-201407-258
db:	NVD	id:	CVE-2014-3888

LAST UPDATE DATE

2024-11-23T23:05:46.233000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04231	date:	2014-07-11T00:00:00
db:	VULHUB	id:	VHN-71828	date:	2015-10-08T00:00:00
db:	BID	id:	68428	date:	2014-08-27T00:04:00
db:	JVNDB	id:	JVNDB-2014-003164	date:	2014-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201407-258	date:	2014-07-11T00:00:00
db:	NVD	id:	CVE-2014-3888	date:	2024-11-21T02:09:04.023

SOURCES RELEASE DATE

db:	IVD	id:	aef169b2-2351-11e6-abef-000c29c66e3d	date:	2014-07-11T00:00:00
db:	IVD	id:	e7929a0c-2351-11e6-abef-000c29c66e3d	date:	2014-07-11T00:00:00
db:	IVD	id:	7d758acf-463f-11e9-86c9-000c29342cb1	date:	2014-07-11T00:00:00
db:	CNVD	id:	CNVD-2014-04231	date:	2014-07-11T00:00:00
db:	VULHUB	id:	VHN-71828	date:	2014-07-10T00:00:00
db:	BID	id:	68428	date:	2014-07-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-003164	date:	2014-07-07T00:00:00
db:	CNNVD	id:	CNNVD-201407-258	date:	2014-07-11T00:00:00
db:	NVD	id:	CVE-2014-3888	date:	2014-07-10T11:06:28.880