Signature Detail

SCADA: Yokogawa BKFSim CVE-2014-3888 Stack Buffer Overflow

This signature detects an attempt to exploit a known vulnerability against Yokogawa SCADA based application. Successful exploitation could allow an attacker to craft a malicious packet, crash the running service and could lead to further attacks.

Extended Description

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.

Affected Products

• Yokogawa b/m9000cs -
• Yokogawa b/m9000cs_software 5.05.01
• Yokogawa b/m9000_vp -
• Yokogawa b/m9000_vp_software 7.03.01
• Yokogawa centum_cs_1000 -
• Yokogawa centum_cs_1000_software -
• Yokogawa centum_cs_3000 -
• Yokogawa centum_cs_3000_entry_class -
• Yokogawa centum_cs_3000_entry_class_software 3.09.50
• Yokogawa centum_cs_3000_software 2.23.00
• Yokogawa centum_vp -
• Yokogawa centum_vp_entry_class -
• Yokogawa centum_vp_entry_class_software 5.03.00
• Yokogawa centum_vp_software 4.03.00
• Yokogawa centum_vp_software 5.03.20
• Yokogawa exaopc 3.71.02
• Yokogawa exaopc 3.72.00

References

• BugTraq: 68428
• CVE: CVE-2014-3888
• URL: http://jvn.jp/vu/JVNVU95045914/index.html
• URL: http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdf
• URL: https://community.rapid7.com/community/metasploit/blog/2014/07/07/r7-2014-06-disclosure-yokogawa-centum-cs-3000-bkfsimvhfdexe-buffer-overflow