Vulnerability Details CVE-2014-0784
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 87.2%
CVSS Severity
CVSS v2 Score 8.3
References
- http://www.securityfocus.com/bid/66130
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
- http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01
- http://www.securityfocus.com/bid/66114
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
Products affected by CVE-2014-0784
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.01
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.02
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.03
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.04
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.05
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.06
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.07
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.08
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.09
-
cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50