CVE-2014-0782

Name of the Vulnerable Software and Affected Versions Yokogawa CENTUM CS 1000 versions prior to R3.09.50 Yokogawa CENTUM CS 3000 Entry Class versions prior to R3.09.50 Yokogawa CENTUM VP versions prior to R5.03.00 Yokogawa CENTUM VP Entry Class versions prior to R5.03.00 Yokogawa Exaopc versions prior to R3.71.02 Yokogawa B/M9000CS versions prior to R5.05.01 Yokogawa B/M9000 VP versions prior to R7.03.01

Description The issue is caused by a stack-based buffer overflow in the BKESimmgr.exe service. This can be exploited by sending a specially crafted packet to port 34205 / TCP, allowing a remote attacker to execute arbitrary code and potentially elevate their privileges.

Recommendations For Yokogawa CENTUM CS 1000 versions prior to R3.09.50, update to a version later than R3.09.50. For Yokogawa CENTUM CS 3000 Entry Class versions prior to R3.09.50, update to a version later than R3.09.50. For Yokogawa CENTUM VP versions prior to R5.03.00, update to a version later than R5.03.00. For Yokogawa CENTUM VP Entry Class versions prior to R5.03.00, update to a version later than R5.03.00. For Yokogawa Exaopc versions prior to R3.71.02, update to a version later than R3.71.02. For Yokogawa B/M9000CS versions prior to R5.05.01, update to a version later than R5.05.01. For Yokogawa B/M9000 VP versions prior to R7.03.01, update to a version later than R7.03.01.