Multiple Yokogawa Products Simulator Management Process Stack Buffer Overflow Vulnerability
16 Aug. 2014
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
The information has been provided by juan vazquez.
* Yokogawa CENTUM CS 1000
* CENTUM CS 3000 Entry Class R3.09.50 and earlier
* CENTUM VP R5.03.00 and earlier
* CENTUM VP Entry Class R5.03.00 and earlier
* Exaopc R3.71.02 and earlier
* B/M9000CS R5.05.01 and earlier
* B/M9000 VP R7.03.01 and earlier
* CENTUM CS later to 3000 Entry Class R3.09.50
* CENTUM VP later to R5.03.00
* CENTUM VP later to Entry Class R5.03.00
* Exaopc later to R3.71.02
* B/M9000CS later to R5.05.01
* B/M9000 later to VP R7.03.01
Multiple Yokogawa products are prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow an attacker to execute arbitrary code with system privileges. Failed attempts will likely cause a denial-of-service condition.