cvelistv5 - CVE-2014-0781

CVE-2014-0781

Vulnerability from cvelistv5

Published

2014-03-14 10:00

Modified

2024-08-06 09:27

Severity ?

Summary

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

References

URL	Tags
ics-cert@hq.dhs.gov	http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01	US Government Resource
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/66130
ics-cert@hq.dhs.gov	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66130
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Exploit

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
          },
          {
            "name": "66130",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66130"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-14T16:57:00",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
        },
        {
          "name": "66130",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66130"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01",
              "refsource": "MISC",
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
            },
            {
              "name": "66130",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66130"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2014-0781",
    "datePublished": "2014-03-14T10:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2024-08-06T09:27:19.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"r3.09.50\", \"matchCriteriaId\": \"5CECD111-9739-48AA-8ABD-D32757AA93CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40831829-1F44-439C-9A19-7DAAFD36E32F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4F916DD-24BC-4955-9C30-A52C2A41B69C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D660F6DA-8694-4F23-B967-299953DFD293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1A408C8-A7CF-439D-85E5-0DD8056A5908\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA37B07D-505E-414A-9E69-E2AAB239CA35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB1B75CD-C0BA-4046-A49E-9903B3B5972C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E07B64DB-E820-467B-A603-971970637FB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6813F466-42F8-4013-97A4-DA6E5D7C52F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B0FEB1C-1427-4875-82C6-7EBD2B262766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1824EC58-BCB1-4876-8729-2B6FF2FF8D1D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de buffer basado en memoria din\\u00e1mica en BKCLogSvr.exe en Yokogawa CENTUM CS 3000 R3.09.50 y anteriores permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de paquetes UDP manipulados.\"}]",
      "id": "CVE-2014-0781",
      "lastModified": "2024-11-21T02:02:47.663",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-03-14T10:55:05.817",
      "references": "[{\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/66130\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/66130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0781\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2014-03-14T10:55:05.817\",\"lastModified\":\"2024-11-21T02:02:47.663\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer basado en memoria din\u00e1mica en BKCLogSvr.exe en Yokogawa CENTUM CS 3000 R3.09.50 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes UDP manipulados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"r3.09.50\",\"matchCriteriaId\":\"5CECD111-9739-48AA-8ABD-D32757AA93CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40831829-1F44-439C-9A19-7DAAFD36E32F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F916DD-24BC-4955-9C30-A52C2A41B69C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D660F6DA-8694-4F23-B967-299953DFD293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A408C8-A7CF-439D-85E5-0DD8056A5908\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA37B07D-505E-414A-9E69-E2AAB239CA35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB1B75CD-C0BA-4046-A49E-9903B3B5972C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07B64DB-E820-467B-A603-971970637FB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6813F466-42F8-4013-97A4-DA6E5D7C52F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B0FEB1C-1427-4875-82C6-7EBD2B262766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1824EC58-BCB1-4876-8729-2B6FF2FF8D1D\"}]}]}],\"references\":[{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/66130\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Exploit\"]},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/66130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

ghsa-m7xh-cr6w-qjx3

Vulnerability from github

Published

2022-05-17 04:10

Modified

2022-05-17 04:10

Details

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0781"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-14T10:55:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.",
  "id": "GHSA-m7xh-cr6w-qjx3",
  "modified": "2022-05-17T04:10:20Z",
  "published": "2022-05-17T04:10:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0781"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
    },
    {
      "type": "WEB",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/66130"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. Yokogawa CENTUM CS 3000 is a new generation of distributed control system, DCS system with WINDOWS XP as the operating platform. When the Yokogawa CENTUM CS 3000 processes the inbound message, the modules \"BKCLogSvr.exe\", \"BKHOdeq.exe\", \"BKBCopyD.exe\" have errors, and the malicious user sends the message to UDP port 52302, TCP port 20171, TCP port 20111. A specially crafted packet that an attacker can exploit to cause a heap buffer overflow. Yokogawa CENTUM CS3000 is prone to a heap-based buffer-overflow vulnerability. Successful exploits will allow attackers to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution is also possible. Yokogawa CENTUM CS3000 R3.08.50 is vulnerable; other versions may also be affected. Yokogawa CENTUM CS is a set of large-scale production control system of Japan Yokogawa Electric Corporation (Yokogawa). The system is mainly used in multi-field factories

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0445",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.07"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.08.70"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.04"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.08"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.08.50"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.09"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.05"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.06"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "yokogawa",
        "version": "r3.03"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.02"
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.01"
      },
      {
        "model": "centum cs 3000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "yokogawa",
        "version": "r3.09.50"
      },
      {
        "model": "centum cs 3000 software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "yokogawa electric",
        "version": "r3.09.50"
      },
      {
        "model": "centum cs3000 r3.09.50",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "yokogawa electric",
        "version": "\u003c="
      },
      {
        "model": "centum cs 3000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "yokogawa",
        "version": "r3.09.50"
      },
      {
        "model": "r3.01",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.02",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.03",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.04",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.05",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.06",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.07",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.08",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.08.50",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.08.70",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": "r3.09",
        "scope": null,
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "centum cs 3000",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r3.09.50",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "juan vazquez",
    "sources": [
      {
        "db": "BID",
        "id": "66130"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0781",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-0781",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-01753",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "285cd4bc-2352-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-68274",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0781",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01753",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201403-251",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "285cd4bc-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68274",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets. Yokogawa CENTUM CS 3000 is a new generation of distributed control system, DCS system with WINDOWS XP as the operating platform. When the Yokogawa CENTUM CS 3000 processes the inbound message, the modules \\\"BKCLogSvr.exe\\\", \\\"BKHOdeq.exe\\\", \\\"BKBCopyD.exe\\\" have errors, and the malicious user sends the message to UDP port 52302, TCP port 20171, TCP port 20111. A specially crafted packet that an attacker can exploit to cause a heap buffer overflow. Yokogawa CENTUM CS3000 is prone to a heap-based buffer-overflow  vulnerability. \nSuccessful exploits will allow attackers to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, code execution is also possible. \nYokogawa CENTUM CS3000 R3.08.50 is vulnerable; other versions may also be affected. Yokogawa CENTUM CS is a set of large-scale production control system of Japan Yokogawa Electric Corporation (Yokogawa). The system is mainly used in multi-field factories",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "BID",
        "id": "66130"
      },
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-68274",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0781",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-070-01",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "66130",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-133-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU98181377",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "57303",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "26255",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "285CD4BC-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "db": "BID",
        "id": "66130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "id": "VAR-201403-0445",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      }
    ],
    "trust": 1.9
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:21:23.689000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "YSAR-14-0001: CENTUM \u3092\u542b\u3080 YOKOGAWA \u88fd\u54c1\u306b\u8907\u6570\u306e\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027",
        "trust": 0.8,
        "url": "http://www.yokogawa.co.jp/dcs/security/ysar/ysar-14-0001.pdf"
      },
      {
        "title": "Patch for Yokogawa CENTUM CS Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/44339"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-070-01"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0781"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/66130"
      },
      {
        "trust": 1.1,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0781"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-133-01"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu98181377/index.html"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/57303"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/26255"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "db": "BID",
        "id": "66130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-18T00:00:00",
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "BID",
        "id": "66130"
      },
      {
        "date": "2014-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "date": "2014-03-14T10:55:05.817000",
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      },
      {
        "date": "2015-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68274"
      },
      {
        "date": "2014-10-13T00:01:00",
        "db": "BID",
        "id": "66130"
      },
      {
        "date": "2014-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001654"
      },
      {
        "date": "2015-08-05T15:45:09.840000",
        "db": "NVD",
        "id": "CVE-2014-0781"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yokogawa CENTUM CS Buffer Overflow Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01753"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow",
    "sources": [
      {
        "db": "IVD",
        "id": "285cd4bc-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-251"
      }
    ],
    "trust": 0.8
  }
}

CVE-2014-0781

Vulnerability from fkie_nvd

Published

2014-03-14 10:55

Modified

2024-11-21 02:02

Severity ?

Summary

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

References

URL	Tags
ics-cert@hq.dhs.gov	http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01	US Government Resource
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/66130
ics-cert@hq.dhs.gov	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66130
af854a3a-2127-422b-91ae-364da2661108	https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities	Exploit

Impacted products

Vendor	Product	Version
yokogawa	centum_cs_3000	*
yokogawa	centum_cs_3000	r3.01
yokogawa	centum_cs_3000	r3.02
yokogawa	centum_cs_3000	r3.03
yokogawa	centum_cs_3000	r3.04
yokogawa	centum_cs_3000	r3.05
yokogawa	centum_cs_3000	r3.06
yokogawa	centum_cs_3000	r3.07
yokogawa	centum_cs_3000	r3.08
yokogawa	centum_cs_3000	r3.08.50
yokogawa	centum_cs_3000	r3.08.70
yokogawa	centum_cs_3000	r3.09

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CECD111-9739-48AA-8ABD-D32757AA93CF",
              "versionEndIncluding": "r3.09.50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "40831829-1F44-439C-9A19-7DAAFD36E32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F916DD-24BC-4955-9C30-A52C2A41B69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "D660F6DA-8694-4F23-B967-299953DFD293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1A408C8-A7CF-439D-85E5-0DD8056A5908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA37B07D-505E-414A-9E69-E2AAB239CA35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B75CD-C0BA-4046-A49E-9903B3B5972C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07B64DB-E820-467B-A603-971970637FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "6813F466-42F8-4013-97A4-DA6E5D7C52F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0FEB1C-1427-4875-82C6-7EBD2B262766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
              "matchCriteriaId": "1824EC58-BCB1-4876-8729-2B6FF2FF8D1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en BKCLogSvr.exe en Yokogawa CENTUM CS 3000 R3.09.50 y anteriores permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes UDP manipulados."
    }
  ],
  "id": "CVE-2014-0781",
  "lastModified": "2024-11-21T02:02:47.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-03-14T10:55:05.817",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/66130"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2014-0781

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

Aliases

CVE-2014-0781

Aliases

CVE-2014-0781

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0781",
    "description": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.",
    "id": "GSD-2014-0781"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0781"
      ],
      "details": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.",
      "id": "GSD-2014-0781",
      "modified": "2023-12-13T01:22:43.989989Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2014-0781",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01",
            "refsource": "MISC",
            "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
          },
          {
            "name": "66130",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/66130"
          },
          {
            "name": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r3.09.50",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-0781"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities"
            },
            {
              "name": "66130",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/66130"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-08-05T15:45Z",
      "publishedDate": "2014-03-14T10:55Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-0781

Vulnerability from cvelistv5

ghsa-m7xh-cr6w-qjx3

Vulnerability from github

var-201403-0445

Vulnerability from variot

CVE-2014-0781

Vulnerability from fkie_nvd

gsd-2014-0781

Vulnerability from gsd

Tags

Sightings

Nomenclature