YSAR-14-0002E
Yokogawa Security Advisory Report
All Rights Reserved. Copyright © 2014, Yokogawa Electric Corporation
Published on July 7, 2014
Last updated on December 22, 2017
YSAR-14-0002E: Buffer Overflow Vulnerability in CENTUM systems and Exaopc
Overview:
A buffer overflow vulnerability has been found on computers where a CENTUM system or Exaopc is
installed, when the Expanded Test Functions are in use. After investigating, Yokogawa identified
the range of products that could be affected by the vulnerability and summarized the
countermeasures in this document.
Review the report and confirm which products are affected in order to consider security measures
for the overall systems. Please also consider applying the countermeasures introduced here as
needed.
Affected Products:
The following products are affected by the vulnerability reported in this document.
Any computer on which these products are installed is vulnerable.
CENTUM CS 1000, CENTUM CS 3000, CENTUM CS 3000 Entry Class,
CENTUM VP, CENTUM VP Entry Class,
Exaopc, B/M9000CS, B/M9000 VP
For details of their revisions, please see <Table 1: List of Products affected by Vulnerabilities and
Countermeasures>.
Vulnerability - Communication Simulation Process in the Expanded Test Functions:
<Affected Packages: Expanded Test Functions Package>
<Condition of occurrence: When Expanded Test Functions are in use>
On a computer where the affected package(s) of an affected product are installed, if an intentionally crafted
packet is sent to the process that simulates control network communication while the expanded
test functions are being executed, a buffer overflow occurs and the expanded test functions are disabled.
Successful exploitation of this vulnerability could potentially allow remote attackers to execute
arbitrary code.
CVSS Base Score: 8.3, Temporal Score: 6.9
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact (C): Partial
Integrity Impact (I): Partial
Availability Impact (A): Complete
Exploitability: Functional
Remediation Level: Official Fix
Report Confidence: Confirmed
Countermeasures:
Yokogawa provides patch software for the latest revisions of the affected products. Installing the
patch software corrects the vulnerabilities found this time. For details about individual
countermeasures by affected product, please refer to <Table 1: List of Products affected by
Vulnerabilities and Countermeasures>.
To activate the patch software, the computer needs to be rebooted.
If the system uses versions of the software earlier than the ones for which the software
patches are provided, please upgrade to the revisions/versions mentioned in the table and then
apply the software patches.
When Yokogawa service personnel update the revision and apply the software patch,
those charges are borne by the customer.
Yokogawa strongly suggests that all customers introduce appropriate security measures not only for the
vulnerabilities identified but also for the overall systems.
* Contact Yokogawa supports & services if it is difficult to update your system to the latest revision.
Acknowledgement:
Yokogawa thanks the following organizations and persons for their support and cooperation in finding
CENTUM CS 3000 vulnerabilities.
Mr. Juan Vazquez of Rapid 7 Inc.
Mr. Julian Vilas Diaz
CERT/CC, NCCIC/ICS-CERT and JPCERT/CC
Supports and Services:
For questions related to this document or how to obtain the patch software, please contact Yokogawa
service department or access the below URL for more details.
https://contact.yokogawa.com/cs/gw?c-id=000498
Table 1: List of Products affected by Vulnerabilities and Countermeasures
Products | Affected Revisions | Countermeasures (Patch software for the latest revision or the latest revision of products)
CENTUM CS 1000 | All revisions | End of support (*1)
CENTUM CS 3000, CENTUM CS 3000 Entry Class | R2.23.00 or earlier | End of support (*1)
CENTUM CS 3000, CENTUM CS 3000 Entry Class | R3.09.50 or earlier | Patch Software for R3.09.50 (R3.09.79)
CENTUM VP, CENTUM VP Entry Class | R4.03.00 or earlier | Patch Software for R4.03.00 (R4.03.56)
CENTUM VP, CENTUM VP Entry Class | R5.03.20 or earlier | Patch Software for R5.03.20 (R5.03.51)
Exaopc (Only Server) | R3.72.00 or earlier | Patch Software for R3.72.00 (R3.72.03)
B/M9000CS | R5.05.01 or earlier | B/M software is not affected by the vulnerability; however, this product is affected by the existence of CENTUM CS 3000 or CS 1000 installed on the same PC. Follow these steps:
- Update B/M9000CS to R5.05.01
- Update co-installed CENTUM CS 3000 to the latest revision (R3.09.50)