CVE-2014-3888 (GCVE-0-2014-3888)
Vulnerability from cvelistv5
Published
2014-07-10 10:00
Modified
2024-08-06 10:57
Severity ?
EPSS score ?
24.78% (0.95777)
Summary
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
References
vultures@jpcert.or.jphttp://ics-cert.us-cert.gov/advisories/ICSA-14-189-01Third Party Advisory, US Government Resource
vultures@jpcert.or.jphttp://osvdb.org/show/osvdb/108756
vultures@jpcert.or.jphttp://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.htmlExploit
vultures@jpcert.or.jphttp://www.exploit-db.com/exploits/34009
vultures@jpcert.or.jphttp://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/show/osvdb/108756
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/34009
af854a3a-2127-422b-91ae-364da2661108http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdfVendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:57:17.922Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf",
               },
               {
                  name: "34009",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "http://www.exploit-db.com/exploits/34009",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01",
               },
               {
                  name: "108756",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/show/osvdb/108756",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-07-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2015-05-12T18:57:00",
            orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            shortName: "jpcert",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf",
            },
            {
               name: "34009",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "http://www.exploit-db.com/exploits/34009",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01",
            },
            {
               name: "108756",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/show/osvdb/108756",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "vultures@jpcert.or.jp",
               ID: "CVE-2014-3888",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf",
                     refsource: "CONFIRM",
                     url: "http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf",
                  },
                  {
                     name: "34009",
                     refsource: "EXPLOIT-DB",
                     url: "http://www.exploit-db.com/exploits/34009",
                  },
                  {
                     name: "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01",
                     refsource: "MISC",
                     url: "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01",
                  },
                  {
                     name: "108756",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/show/osvdb/108756",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce",
      assignerShortName: "jpcert",
      cveId: "CVE-2014-3888",
      datePublished: "2014-07-10T10:00:00",
      dateReserved: "2014-05-27T00:00:00",
      dateUpdated: "2024-08-06T10:57:17.922Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.72.00\", \"matchCriteriaId\": \"ED3E0C7C-986A-4A07-847F-D40D194C8A06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:exaopc:3.71.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD8C689E-7952-43A8-82F7-C9FA4591899C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:b\\\\/m9000cs_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.05.01\", \"matchCriteriaId\": \"B08DC609-2458-419B-BC7C-ED97E126E476\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:b\\\\/m9000cs:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6C0600F-87E0-4CE5-ACB9-49F160DB3D33\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp_entry_class_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.03.00\", \"matchCriteriaId\": \"DC1C581A-7E30-442A-898B-76C0E35B8376\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D1FD75F-66BF-423E-A491-E5689C7B6AEF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.03.20\", \"matchCriteriaId\": \"31AF6BF2-A797-439D-AAC5-A6C4E8D6D34F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_vp_software:4.03.00:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41986FD4-F223-4B3C-917F-B132AA082B70\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"161A4767-228C-4681-9D20-81D9380CE48A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:b\\\\/m9000_vp_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.03.01\", \"matchCriteriaId\": \"8D447032-B9EA-4FDF-A61B-DD5D2BAF6910\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:b\\\\/m9000_vp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40831829-1F44-439C-9A19-7DAAFD36E32F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4F916DD-24BC-4955-9C30-A52C2A41B69C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D660F6DA-8694-4F23-B967-299953DFD293\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1A408C8-A7CF-439D-85E5-0DD8056A5908\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA37B07D-505E-414A-9E69-E2AAB239CA35\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB1B75CD-C0BA-4046-A49E-9903B3B5972C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E07B64DB-E820-467B-A603-971970637FB1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6813F466-42F8-4013-97A4-DA6E5D7C52F8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B0FEB1C-1427-4875-82C6-7EBD2B262766\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1824EC58-BCB1-4876-8729-2B6FF2FF8D1D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B948C6E-88E0-4255-BBFF-06EA3EE3E532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.23.00\", \"matchCriteriaId\": \"2B32F16C-DDF7-4D36-9C2F-28360378C056\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_1000_software:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CBB5E05-B97C-47BF-9D96-ED5B2B40C978\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7E67CC9-AE79-4CEC-8B35-C191EB32760C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:yokogawa:centum_cs_3000_entry_class_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.09.50\", \"matchCriteriaId\": \"2B45F61B-53C2-4FE4-B2E9-62130E15948D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDF69433-979D-470A-85E5-4734E5998F63\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de buffer basado en pila en BKFSim_vhfd.exe en Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 y anteriores, CENTUM VP R5.03.20 y anteriores, Exaopc R3.72.00 y anteriores, B/M9000CS R5.05.01 y anteriores y B/M9000 VP R7.03.01 y anteriores, cuando FCS/Test Function est\\u00e1 habilitada, permite a atacantes remotos ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de un paquete manipulado.\"}]",
         id: "CVE-2014-3888",
         lastModified: "2024-11-21T02:09:04.023",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:C\", \"baseScore\": 8.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2014-07-10T11:06:28.880",
         references: "[{\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://osvdb.org/show/osvdb/108756\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.exploit-db.com/exploits/34009\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://osvdb.org/show/osvdb/108756\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.exploit-db.com/exploits/34009\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
         sourceIdentifier: "vultures@jpcert.or.jp",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2014-3888\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2014-07-10T11:06:28.880\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer basado en pila en BKFSim_vhfd.exe en Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 y anteriores, CENTUM VP R5.03.20 y anteriores, Exaopc R3.72.00 y anteriores, B/M9000CS R5.05.01 y anteriores y B/M9000 VP R7.03.01 y anteriores, cuando FCS/Test Function está habilitada, permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:C\",\"baseScore\":8.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.72.00\",\"matchCriteriaId\":\"ED3E0C7C-986A-4A07-847F-D40D194C8A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:exaopc:3.71.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD8C689E-7952-43A8-82F7-C9FA4591899C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:b\\\\/m9000cs_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.05.01\",\"matchCriteriaId\":\"B08DC609-2458-419B-BC7C-ED97E126E476\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:b\\\\/m9000cs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6C0600F-87E0-4CE5-ACB9-49F160DB3D33\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp_entry_class_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.03.00\",\"matchCriteriaId\":\"DC1C581A-7E30-442A-898B-76C0E35B8376\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:centum_vp_entry_class:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D1FD75F-66BF-423E-A491-E5689C7B6AEF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.03.20\",\"matchCriteriaId\":\"31AF6BF2-A797-439D-AAC5-A6C4E8D6D34F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_vp_software:4.03.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41986FD4-F223-4B3C-917F-B132AA082B70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"161A4767-228C-4681-9D20-81D9380CE48A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:b\\\\/m9000_vp_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.03.01\",\"matchCriteriaId\":\"8D447032-B9EA-4FDF-A61B-DD5D2BAF6910\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:b\\\\/m9000_vp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59BD08BA-2C44-4BD0-BAA1-AC9D304E2DAF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40831829-1F44-439C-9A19-7DAAFD36E32F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4F916DD-24BC-4955-9C30-A52C2A41B69C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D660F6DA-8694-4F23-B967-299953DFD293\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A408C8-A7CF-439D-85E5-0DD8056A5908\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA37B07D-505E-414A-9E69-E2AAB239CA35\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32BBCAC6-AB8D-4D68-A5E4-F7FBFC3F4B33\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB1B75CD-C0BA-4046-A49E-9903B3B5972C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E07B64DB-E820-467B-A603-971970637FB1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6813F466-42F8-4013-97A4-DA6E5D7C52F8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.08.70:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B0FEB1C-1427-4875-82C6-7EBD2B262766\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1824EC58-BCB1-4876-8729-2B6FF2FF8D1D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000:r3.09.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B948C6E-88E0-4255-BBFF-06EA3EE3E532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.23.00\",\"matchCriteriaId\":\"2B32F16C-DDF7-4D36-9C2F-28360378C056\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAF123F6-D4A3-49B3-B8BC-14AA63E3A46A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_1000_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CBB5E05-B97C-47BF-9D96-ED5B2B40C978\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7E67CC9-AE79-4CEC-8B35-C191EB32760C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:yokogawa:centum_cs_3000_entry_class_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.09.50\",\"matchCriteriaId\":\"2B45F61B-53C2-4FE4-B2E9-62130E15948D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:yokogawa:centum_cs_3000_entry_class:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDF69433-979D-470A-85E5-4734E5998F63\"}]}]}],\"references\":[{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://osvdb.org/show/osvdb/108756\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/34009\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://osvdb.org/show/osvdb/108756\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.exploit-db.com/exploits/34009\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.