CVE-2014-0781
🔴 Patch now
A buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 allows remote code execution.
CVSS
9.3
EPSS
7.5%
Exploit
poc
Vendor
yokogawa
Source description (NVD)
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
buffer-overflow exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 7.5% |
| Published (NVD) | 2014-03-14 10:55:05 UTC |
| Last modified (NVD) | 2026-05-06 22:30:45 UTC |
References
- http://www.securityfocus.com/bid/66130 (ics-cert@hq.dhs.gov)
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm. (ics-cert@hq.dhs.gov)
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities (ics-cert@hq.dhs.gov) [Exploit]
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a (ics-cert@hq.dhs.gov)
- http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01 (af854a3a-2127-422b-91ae-364da2661108) [US Government Resource]