CVE-2014-0782

Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow

CVSS 8.3 EPSS 56.8%CWE-121

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

AV:N/AC:M/Au:N/C:P/I:P/A:C

Productos afectados

Yokogawa · CENTUM CS 3000

PoCs públicas encontradas — 1

exploitdbwww.exploit-db.com/exploits/33331no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01 https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a http://www.securityfocus.com/bid/66130 http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf