Yokogawa CENTUM CS 3000 Stack-based Buffer Overflow

Summary

CVE	CVE-2014-0782
State	PUBLISHED
Assigner	icscert
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-05-16 11:12:00 UTC
Updated	2026-05-06 22:30:45 UTC
Description	Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Risk And Classification

Primary CVSS: v2.0 8.3 from [email protected]

AV:N/AC:M/Au:N/C:P/I:P/A:C

Problem Types: CWE-121 | CWE-119 | CWE-121 CWE-121

Version	Source	Type	Score	Vector
2.0	[email protected]	Primary	8.3	`AV:N/AC:M/Au:N/C:P/I:P/A:C`
2.0	[email protected]	Secondary	8.3	`AV:N/AC:M/Au:N/C:P/I:P/A:C`
2.0	CNA	CVSS	8.3	`AV:N/AC:M/Au:N/C:P/I:P/A:C`

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

AV:N/AC:M/Au:N/C:P/I:P/A:C

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Yokogawa	B/m9000cs	-	All	All	All
Application	Yokogawa	B/m9000cs Software	All	All	All	All
Hardware	Yokogawa	B/m9000 Vp	-	All	All	All
Application	Yokogawa	B/m9000 Vp Software	All	All	All	All
Hardware	Yokogawa	Centum Cs 1000	-	All	All	All
Application	Yokogawa	Centum Cs 1000 Software	-	All	All	All
Hardware	Yokogawa	Centum Cs 3000	-	All	All	All
Hardware	Yokogawa	Centum Cs 3000 Entry Class	-	All	All	All
Application	Yokogawa	Centum Cs 3000 Entry Class Software	All	All	All	All
Application	Yokogawa	Centum Cs 3000 Software	All	All	All	All
Hardware	Yokogawa	Centum Vp	-	All	All	All
Hardware	Yokogawa	Centum Vp Entry Class	-	All	All	All
Application	Yokogawa	Centum Vp Entry Class Software	All	All	All	All
Application	Yokogawa	Centum Vp Software	All	All	All	All
Application	Yokogawa	Exaopc	All	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Yokogawa	CENTUM CS 3000	affected R3.09.50 custom	Not specified

References

Reference	Source	Link	Tags
Yokogawa Multiple Products Vulnerabilities \| ICS-CERT	af854a3a-2127-422b-91ae-364da2661108	ics-cert.us-cert.gov	US Government Resource
community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-v...	[email protected]	community.rapid7.com
www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a	[email protected]	www.cisa.gov
Sitemap \| Yokogawa Electric Corporation	af854a3a-2127-422b-91ae-364da2661108	www.yokogawa.com	Vendor Advisory
www.securityfocus.com/bid/66130	[email protected]	www.securityfocus.com
www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.	[email protected]	www.yokogawa.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

CNA: Juan Vazquez of Rapid7 Inc. (en)

Additional Advisory Data

Solutions

CNA: Yokogawa has created a patch (CENTUM CS 3000 R3.09.73 and R3.09.75) to mitigate the reported vulnerabilities. To activate the patch software, the computer needs to be rebooted. Older versions of the CENTUM CS 3000 will need to be updated to the latest version of R3.09.50 before installing the patch software. Yokogawa also suggests all customers introduce appropriate security measures to the overall system, not just for the vulnerabilities identified. For more information, please see the advisory that Yokogawa has published regarding this issue here: http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm .

There are currently no legacy QID mappings associated with this CVE.