製品・ソフトウェアに関する情報
Vulnerability Search
CENTUM を含む複数の YOKOGAWA 製品の通信機能に複数の脆弱性
Title CENTUM を含む複数の YOKOGAWA 製品の通信機能に複数の脆弱性
Summary

横河電機株式会社が提供する CENTUM を含む複数の YOKOGAWA 製品の通信機能には、複数の脆弱性が存在します。 横河電機株式会社が提供する統合生産制御システムである CENTUM を含む複数の YOKOGAWA 製品の通信機能には、複数の脆弱性が存在します。   * 細工されたパケットを受信することで、通信機能が停止させられる脆弱性 (CVE-2015-5626)   * 細工されたパケットを受信することで、プロセスが停止させられる脆弱性 (CVE-2015-5627)   * 細工されたパケットを受信することで、任意のコードが実行可能な脆弱性(CVE-2015-5628) 詳しくは、製品開発者が提供する情報をご確認ください。

Possible impacts 細工された通信フレームを受信することで、通信機能やその通信機能を有するプロセスが停止させられる、あるいは、該当プロセスを実行するシステムの権限で任意のコードを実行される可能性があります。  製品開発者によると、影響を受ける製品が接続されているネットワークが他のネットワークから遮断されているなど、システム全体のネットワークが適切に管理されている場合、本脆弱性が悪用される可能性は低いと考えられるとのことです。
Solution

[アップデートする] 製品開発者が提供する情報をもとに、最新版にアップデートしてください。 [ワークアラウンドを実施する] 製品のアップデートを行うまでの間、次の回避策を適用することで本脆弱性の影響を軽減することが可能です。   * ネットワークの適切な設定や管理を行う 詳しくは、製品開発者が提供する情報をご確認ください。
Publication Date Sept. 10, 2015, midnight
Registration Date Sept. 28, 2015, 1:49 p.m.
Last Update Sept. 28, 2015, 1:49 p.m.
CVSS2.0 : 危険
Score 10
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected System
横河電機株式会社
B/M9000 VP (R7.03.04およびそれ以前)
B/M9000CS (R5.05.01およびそれ以前)
CENTUM CS 1000 (R3.08.70およびそれ以前)
CENTUM CS 3000 (R3.09.50およびそれ以前)
CENTUM CS 3000 Small (R3.09.50およびそれ以前)
CENTUM VP (R5.04.20およびそれ以前)
CENTUM VP Basic (R5.04.20およびそれ以前)
CENTUM VP Small (R5.04.20およびそれ以前)
Exaopc (R3.72.00およびそれ以前)
Exapilot (R3.96.10およびそれ以前)
Exaplog (R3.40.00およびそれ以前)
Exaquantum (R2.85.00およびそれ以前)
Exaquantum /Batch (R2.50.30およびそれ以前)
Exarqe (R4.03.20およびそれ以前)
Exasmoc (R4.03.20およびそれ以前)
FAST/TOOLS (R10.01およびそれ以前)
FieldMate (R1.01およびR1.02)
PRM (R3.12.00およびそれ以前)
ProSafe-RS (R3.02.10およびそれ以前)
STARDOM OPC Server for Windows (R3.40およびそれ以前)
STARDOM VDS (R7.30.01およびそれ以前)
フィールド無線用OPCサーバ (R2.01.02およびそれ以前)
CVE (情報セキュリティ 共通脆弱性識別子)
ベンダー情報
その他
Change Log
No Changed Details Date of change
0 [2015年09月28日]
  掲載		 Feb. 17, 2018, 10:37 a.m.
NVD Vulnerability Information
CVE-2015-5626
Summary

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet.

Publication Date Feb. 6, 2020, 4:15 a.m.
Registration Date Jan. 26, 2021, 2:53 p.m.
Last Update Nov. 21, 2024, 11:33 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:* r3.08.70
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:* r3.09.50
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:* r3.09.50
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:* r5.04.20
execution environment
1 cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:* r5.04.20
execution environment
1 cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:* r3.02.10
execution environment
1 cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:* r3.96.10
cpe:2.3:a:yokogawa:exaquantum\/batch:*:*:*:*:*:*:*:* r2.50.30
cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:* r2.85.00
cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:* r3.72.00
cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:* r4.03.20
cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:* r4.03.20
cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:* r3.40.00
Configuration8 or higher or less more than less than
cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:* r2.01.02
execution environment
1 cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:a:yokogawa:scada_software_\(fast\/tools\):*:*:*:*:*:*:*:* r10.01
cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:* r7.30.01
cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:* r3.12.00
Configuration10 or higher or less more than less than
cpe:2.3:o:yokogawa:b\/m9000cs_firmware:*:*:*:*:*:*:*:* r5.05.01
execution environment
1 cpe:2.3:h:yokogawa:b\/m9000cs:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:yokogawa:b\/m9000_vp_firmware:*:*:*:*:*:*:*:* r7.03.04
execution environment
1 cpe:2.3:h:yokogawa:b\/m9000_vp:-:*:*:*:*:*:*:*
Configuration12 or higher or less more than less than
cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*
cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:* r3.40
execution environment
1 cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
CVE-2015-5627
Summary

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet.

Publication Date Feb. 6, 2020, 4:15 a.m.
Registration Date Jan. 26, 2021, 2:53 p.m.
Last Update Nov. 21, 2024, 11:33 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:* r3.08.70
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:* r3.09.50
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:* r3.09.50
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:* r5.04.20
execution environment
1 cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:* r5.04.20
execution environment
1 cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:* r3.02.10
execution environment
1 cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:* r3.96.10
cpe:2.3:a:yokogawa:exaquantum\/batch:*:*:*:*:*:*:*:* r2.50.30
cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:* r2.85.00
cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:* r3.72.00
cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:* r4.03.20
cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:* r4.03.20
cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:* r3.40.00
Configuration8 or higher or less more than less than
cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:* r2.01.02
execution environment
1 cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:a:yokogawa:scada_software_\(fast\/tools\):*:*:*:*:*:*:*:* r10.01
cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:* r7.30.01
cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:* r3.12.00
Configuration10 or higher or less more than less than
cpe:2.3:o:yokogawa:b\/m9000cs_firmware:*:*:*:*:*:*:*:* r5.05.01
execution environment
1 cpe:2.3:h:yokogawa:b\/m9000cs:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:yokogawa:b\/m9000_vp_firmware:*:*:*:*:*:*:*:* r7.03.04
execution environment
1 cpe:2.3:h:yokogawa:b\/m9000_vp:-:*:*:*:*:*:*:*
Configuration12 or higher or less more than less than
cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*
cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:* r3.40
execution environment
1 cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List
CVE-2015-5628
Summary

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.

Publication Date Feb. 6, 2020, 4:15 a.m.
Registration Date Jan. 26, 2021, 2:53 p.m.
Last Update Nov. 21, 2024, 11:33 a.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_1000_firmware:*:*:*:*:*:*:*:* r3.08.70
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_1000:-:*:*:*:*:*:*:*
Configuration2 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_3000_firmware:*:*:*:*:*:*:*:* r3.09.50
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_3000:-:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_cs_3000_entry_firmware:*:*:*:*:*:*:*:* r3.09.50
execution environment
1 cpe:2.3:h:yokogawa:centum_cs_3000_entry:-:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_vp_firmware:*:*:*:*:*:*:*:* r5.04.20
execution environment
1 cpe:2.3:h:yokogawa:centum_vp:-:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:yokogawa:centum_vp_entry_firmware:*:*:*:*:*:*:*:* r5.04.20
execution environment
1 cpe:2.3:h:yokogawa:centum_vp_entry:-:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:yokogawa:prosafe-rs_firmware:*:*:*:*:*:*:*:* r3.02.10
execution environment
1 cpe:2.3:h:yokogawa:prosafe-rs:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:a:yokogawa:exapilot:*:*:*:*:*:*:*:* r3.96.10
cpe:2.3:a:yokogawa:exaquantum\/batch:*:*:*:*:*:*:*:* r2.50.30
cpe:2.3:a:yokogawa:exaquantum:*:*:*:*:*:*:*:* r2.85.00
cpe:2.3:a:yokogawa:exaopc:*:*:*:*:*:*:*:* r3.72.00
cpe:2.3:a:yokogawa:exarqe:*:*:*:*:*:*:*:* r4.03.20
cpe:2.3:a:yokogawa:exasmoc:*:*:*:*:*:*:*:* r4.03.20
cpe:2.3:a:yokogawa:exaplog:*:*:*:*:*:*:*:* r3.40.00
Configuration8 or higher or less more than less than
cpe:2.3:o:yokogawa:field_wireless_device_opc_server:*:*:*:*:*:*:*:* r2.01.02
execution environment
1 cpe:2.3:h:yokogawa:field_wireless_device_opc_server:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:a:yokogawa:scada_software_\(fast\/tools\):*:*:*:*:*:*:*:* r10.01
cpe:2.3:a:yokogawa:versatile_data_server_software:*:*:*:*:*:*:*:* r7.30.01
cpe:2.3:a:yokogawa:plant_resource_manager:*:*:*:*:*:*:*:* r3.12.00
Configuration10 or higher or less more than less than
cpe:2.3:o:yokogawa:b\/m9000cs_firmware:*:*:*:*:*:*:*:* r5.05.01
execution environment
1 cpe:2.3:h:yokogawa:b\/m9000cs:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:yokogawa:b\/m9000_vp_firmware:*:*:*:*:*:*:*:* r7.03.04
execution environment
1 cpe:2.3:h:yokogawa:b\/m9000_vp:-:*:*:*:*:*:*:*
Configuration12 or higher or less more than less than
cpe:2.3:a:yokogawa:fieldmate:r1.02:*:*:*:*:*:*:*
cpe:2.3:a:yokogawa:fieldmate:r1.01:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:yokogawa:stardom_opc_server:*:*:*:*:*:windows:*:* r3.40
execution environment
1 cpe:2.3:h:yokogawa:stardom_opc_server:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List