Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CNVD-2015-05997
Vulnerability from cnvd - Published: 2015-09-16
VLAI Severity ?
Title
Yokogawa多个产品栈缓冲区溢出漏洞
Description
Yokogawa日本横河电机株式会社是测量、工业自动化控制、和信息系统的领导者。
多个Yokogawa产品中存在栈缓冲区溢出漏洞,攻击者通过发送构造的数据包,利用此漏洞造成网络通讯不响应。
Severity
高
Patch Name
Yokogawa多个产品栈缓冲区溢出漏洞的补丁
Patch Description
Yokogawa日本横河电机株式会社是测量、工业自动化控制、和信息系统的领导者。多个Yokogawa产品中存在栈缓冲区溢出漏洞,攻击者通过发送构造的数据包,利用此漏洞造成网络通讯不响应。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://plus.yokogawa.co.jp/gw/gw.po?c-id=000498
Reference
https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01
Impacted products
| Name | ['yokogawa Exaopc <=R3.72.00', 'yokogawa CENTUM CENTUM VP Entry', 'yokogawa CENTUM CENTUM VP', 'yokogawa CENTUM CENTUM CS 3000 Entry', 'yokogawa CENTUM CENTUM CS 3000', 'yokogawa CENTUM CENTUM CS 1000'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-5626"
}
},
"description": "Yokogawa\u65e5\u672c\u6a2a\u6cb3\u7535\u673a\u682a\u5f0f\u4f1a\u793e\u662f\u6d4b\u91cf\u3001\u5de5\u4e1a\u81ea\u52a8\u5316\u63a7\u5236\u3001\u548c\u4fe1\u606f\u7cfb\u7edf\u7684\u9886\u5bfc\u8005\u3002\r\n\r\n\u591a\u4e2aYokogawa\u4ea7\u54c1\u4e2d\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001\u6784\u9020\u7684\u6570\u636e\u5305\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u7f51\u7edc\u901a\u8baf\u4e0d\u54cd\u5e94\u3002",
"discovererName": "yokogawa",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://plus.yokogawa.co.jp/gw/gw.po?c-id=000498",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-05997",
"openTime": "2015-09-16",
"patchDescription": "Yokogawa\u65e5\u672c\u6a2a\u6cb3\u7535\u673a\u682a\u5f0f\u4f1a\u793e\u662f\u6d4b\u91cf\u3001\u5de5\u4e1a\u81ea\u52a8\u5316\u63a7\u5236\u3001\u548c\u4fe1\u606f\u7cfb\u7edf\u7684\u9886\u5bfc\u8005\u3002\u591a\u4e2aYokogawa\u4ea7\u54c1\u4e2d\u5b58\u5728\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001\u6784\u9020\u7684\u6570\u636e\u5305\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u7f51\u7edc\u901a\u8baf\u4e0d\u54cd\u5e94\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Yokogawa\u591a\u4e2a\u4ea7\u54c1\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"yokogawa Exaopc \u003c=R3.72.00",
"yokogawa CENTUM CENTUM VP Entry",
"yokogawa CENTUM CENTUM VP",
"yokogawa CENTUM CENTUM CS 3000 Entry",
"yokogawa CENTUM CENTUM CS 3000",
"yokogawa CENTUM CENTUM CS 1000"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"serverity": "\u9ad8",
"submitTime": "2015-09-15",
"title": "Yokogawa\u591a\u4e2a\u4ea7\u54c1\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
CVE-2015-5626 (GCVE-0-2015-5626)
Vulnerability from cvelistv5 – Published: 2020-02-05 18:46 – Updated: 2024-08-06 06:59
VLAI?
EPSS
Summary
Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Yokogawa | CENTUM CS 1000 |
Affected:
R3.08.70 and earlier
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:59:02.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CENTUM CS 1000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.08.70 and earlier"
}
]
},
{
"product": "CENTUM CS 3000",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM CS 3000 Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.09.50 and earlier"
}
]
},
{
"product": "CENTUM VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "CENTUM VP Entry",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.04.20 and earlier"
}
]
},
{
"product": "ProSafe-RS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.02.10 and earlier"
}
]
},
{
"product": "Exaopc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.72.00 and earlier"
}
]
},
{
"product": "Exaquantum",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.85.00 and earlier"
}
]
},
{
"product": "Exaquantum/Batch",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.50.30 and earlier"
}
]
},
{
"product": "Exapilot",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.96.10 and earlier"
}
]
},
{
"product": "Exaplog",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40.00 and earlier"
}
]
},
{
"product": "Exasmoc",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Exarqe",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R4.03.20 and earlier"
}
]
},
{
"product": "Field Wireless Device OPC Server",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R2.01.02 and earlier"
}
]
},
{
"product": "PRM",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.12.00 and earlier"
}
]
},
{
"product": "STARDOM VDS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.30.01 and earlier"
}
]
},
{
"product": "STARDOM OPC Server for Windows",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R3.40 and earlier"
}
]
},
{
"product": "FAST/TOOLS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R10.01 and earlier"
}
]
},
{
"product": "B/M9000CS",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R5.05.01 and earlier"
}
]
},
{
"product": "B/M9000 VP",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R7.03.04 and earlier"
}
]
},
{
"product": "FieldMate",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "R1.01"
},
{
"status": "affected",
"version": "R1.02"
}
]
}
],
"datePublic": "2015-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T18:46:05",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CENTUM CS 1000",
"version": {
"version_data": [
{
"version_value": "R3.08.70 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM CS 3000 Entry",
"version": {
"version_data": [
{
"version_value": "R3.09.50 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "CENTUM VP Entry",
"version": {
"version_data": [
{
"version_value": "R5.04.20 and earlier"
}
]
}
},
{
"product_name": "ProSafe-RS",
"version": {
"version_data": [
{
"version_value": "R3.02.10 and earlier"
}
]
}
},
{
"product_name": "Exaopc",
"version": {
"version_data": [
{
"version_value": "R3.72.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum",
"version": {
"version_data": [
{
"version_value": "R2.85.00 and earlier"
}
]
}
},
{
"product_name": "Exaquantum/Batch",
"version": {
"version_data": [
{
"version_value": "R2.50.30 and earlier"
}
]
}
},
{
"product_name": "Exapilot",
"version": {
"version_data": [
{
"version_value": "R3.96.10 and earlier"
}
]
}
},
{
"product_name": "Exaplog",
"version": {
"version_data": [
{
"version_value": "R3.40.00 and earlier"
}
]
}
},
{
"product_name": "Exasmoc",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Exarqe",
"version": {
"version_data": [
{
"version_value": "R4.03.20 and earlier"
}
]
}
},
{
"product_name": "Field Wireless Device OPC Server",
"version": {
"version_data": [
{
"version_value": "R2.01.02 and earlier"
}
]
}
},
{
"product_name": "PRM",
"version": {
"version_data": [
{
"version_value": "R3.12.00 and earlier"
}
]
}
},
{
"product_name": "STARDOM VDS",
"version": {
"version_data": [
{
"version_value": "R7.30.01 and earlier"
}
]
}
},
{
"product_name": "STARDOM OPC Server for Windows",
"version": {
"version_data": [
{
"version_value": "R3.40 and earlier"
}
]
}
},
{
"product_name": "FAST/TOOLS",
"version": {
"version_data": [
{
"version_value": "R10.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000CS",
"version": {
"version_data": [
{
"version_value": "R5.05.01 and earlier"
}
]
}
},
{
"product_name": "B/M9000 VP",
"version": {
"version_data": [
{
"version_value": "R7.03.04 and earlier"
}
]
}
},
{
"product_name": "FieldMate",
"version": {
"version_data": [
{
"version_value": "R1.01"
},
{
"version_value": "R1.02"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01"
},
{
"name": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf",
"refsource": "CONFIRM",
"url": "http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-5626",
"datePublished": "2020-02-05T18:46:05",
"dateReserved": "2015-07-24T00:00:00",
"dateUpdated": "2024-08-06T06:59:02.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…