Skip to main content

Severity by source

NVD PRIMARY
8.3 HIGH
AV:N/AC:M/Au:N/C:P/I:P/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
C

Lifecycle Timeline

1
CVE Published
Jul 10, 2014 - 11:06 cve.org
HIGH 8.3

DescriptionCVE.org

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.

AnalysisAI

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.0%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet. Affected products include: Yokogawa Exaopc, Yokogawa B\/M9000Cs Software, Yokogawa B\/M9000Cs, Yokogawa Centum Vp Entry Class Software, Yokogawa Centum Vp Entry Class.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Exaopc

View all
CVE-2014-0782 HIGH POC
8.3 May 16

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM C

CVE-2014-5208 HIGH POC
7.5 Dec 22

BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00

CVE-2022-23402 CRITICAL
9.8 Mar 11

The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5

CVE-2022-21194 CRITICAL
9.8 Mar 11

The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial c

CVE-2022-30707 HIGH
8.8 Jun 28

Violation of secure design principles exists in the communication of CAMS for HIS. Rated high severity (CVSS 8.8), this

CVE-2022-22729 HIGH
8.8 Mar 11

CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets.

CVE-2022-21808 HIGH
8.8 Mar 11

Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM

CVE-2022-22151 HIGH
8.1 Mar 11

CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs:

CVE-2022-22145 HIGH
8.1 Mar 11

CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource con

CVE-2022-21177 HIGH
8.1 Mar 11

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products

CVE-2023-26593 HIGH
7.8 Apr 11

CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. Ra

CVE-2022-23401 HIGH
7.8 Mar 11

The following Yokogawa Electric products contain insecure DLL loading issues. Rated high severity (CVSS 7.8), this vulne

Share

CVE-2014-3888 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy