fkie_nvd - fkie_cve-2014-0781

fkie_cve-2014-0781

Vulnerability from fkie_nvd

Published

2014-03-14 10:55

Modified

2024-11-21 02:02

Severity ?

Summary

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

References

URL	Tags
ics-cert@hq.dhs.gov	http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01	US Government Resource
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/66130
ics-cert@hq.dhs.gov	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66130
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Exploit

Impacted products

Vendor	Product	Version
yokogawa	centum_cs_3000	*
yokogawa	centum_cs_3000	r3.01
yokogawa	centum_cs_3000	r3.02
yokogawa	centum_cs_3000	r3.03
yokogawa	centum_cs_3000	r3.04
yokogawa	centum_cs_3000	r3.05
yokogawa	centum_cs_3000	r3.06
yokogawa	centum_cs_3000	r3.07
yokogawa	centum_cs_3000	r3.08
yokogawa	centum_cs_3000	r3.08.50
yokogawa	centum_cs_3000	r3.08.70
yokogawa	centum_cs_3000	r3.09

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CECD111-9739-48AA-8ABD-D32757AA93CF",
              "versionEndIncluding": "r3.09.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "40831829-1F44-439C-9A19-7DAAFD36E32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F916DD-24BC-4955-9C30-A52C2A41B69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "D660F6DA-8694-4F23-B967-299953DFD293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A408C8-A7CF-439D-85E5-0DD8056A5908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA37B07D-505E-414A-9E69-E2AAB239CA35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B75CD-C0BA-4046-A49E-9903B3B5972C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07B64DB-E820-467B-A603-971970637FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6813F466-42F8-4013-97A4-DA6E5D7C52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0FEB1C-1427-4875-82C6-7EBD2B262766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "1824EC58-BCB1-4876-8729-2B6FF2FF8D1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en BKCLogSvr.exe en Yokogawa CENTUM CS 3000 R3.09.50 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes UDP manipulados."
    }
  ],
  "id": "CVE-2014-0781",
  "lastModified": "2024-11-21T02:02:47.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-14T10:55:05.817",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/66130"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-0781

Vulnerability from cvelistv5

Published

2014-03-14 10:00