Vulnerabilities > CVE-2015-5626 - Out-of-bounds Write vulnerability in Yokogawa products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

yokogawa

CWE-787

critical

NVD

Published: 2020-02-05

Updated: 2020-02-12

Summary

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.

Vulnerable Configurations

Part	Description	Count
OS	Yokogawa Yokogawa Centum CS 1000 Firmware R3.08.70 Yokogawa Centum CS 3000 Firmware R3.09.50 Yokogawa Centum CS 3000 Entry Firmware R3.09.50 Yokogawa Centum VP Firmware R5.04.20 Yokogawa Centum VP Entry Firmware R5.04.20 Yokogawa Prosafe RS Firmware R3.02.10 Yokogawa Field Wireless Device OPC Server R2.01.02 Yokogawa B/M9000Cs Firmware R5.05.01 Yokogawa B/M9000 VP Firmware * Yokogawa Stardom OPC Server R3.40	10
Hardware	Yokogawa Yokogawa Centum CS 1000 - Yokogawa Centum CS 3000 - Yokogawa Centum CS 3000 Entry - Yokogawa Centum VP - Yokogawa Centum VP Entry - Yokogawa Prosafe RS - Yokogawa Field Wireless Device OPC Server - Yokogawa B/M9000Cs - Yokogawa B/M9000 VP - Yokogawa Stardom OPC Server -	10
Application	Yokogawa Yokogawa Exaopc - Yokogawa Exaopc 3.71.02 Yokogawa Exaopc 3.71.10 Yokogawa Exaopc 3.72.00 Yokogawa Exaopc R1.01.00 Yokogawa Exaopc R3.72.00 Yokogawa Exapilot R3.96.10 Yokogawa Exaplog - Yokogawa Exaplog R1.10.00 Yokogawa Exaplog R3.30.00 Yokogawa Exaplog R3.40.00 Yokogawa Exaquantum - Yokogawa Exaquantum R1.10.00 Yokogawa Exaquantum R2.85.00 Yokogawa Exaquantum/Batch - Yokogawa Exaquantum/Batch R1.01.00 Yokogawa Exaquantum/Batch R2.50.30 Yokogawa Exarqe - Yokogawa Exarqe R4.03.20 Yokogawa Exasmoc - Yokogawa Exasmoc R4.03.20 Yokogawa Plant Resource Manager R3.12.00 Yokogawa Scada Software (Fast/Tools) R10.01 Yokogawa Versatile Data Server Software * Yokogawa Fieldmate R1.01 Yokogawa Fieldmate R1.02	26

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References