← back
CVE-2014-0781

Yokogawa CENTUM CS 3000 Heap-based Buffer Overflow

CVSS 9.3 EPSS 25.4%CWE-122
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 25.4%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
10 Mar 2014Metasploit module available
14 Mar 2014Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected products
Yokogawa · CENTUM CS 3000

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilitieshttps://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01ahttp://www.securityfocus.com/bid/66130http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.