CVE-2014-3888

Name: CVE-2014-3888
Creator: NVD / NIST
Published: 2014-07-10T11:06:28.88+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 62.31%

Last modified Jun 17, 2026

CVE-2014-3888 is a vulnerability of currently unknown severity. Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.. EPSS estimates a 62.31% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.

Metrics

EPSS Probability

62.31%

99.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Yokogawa	Exaopc	<= 3.72.00
Yokogawa	Exaopc	3.71.02
Yokogawa	B\/M9000cs Software	<= 5.05.01
Yokogawa	B\/M9000cs	All versions
Yokogawa	Centum Vp Entry Class Software	<= 5.03.00
Yokogawa	Centum Vp Entry Class	All versions
Yokogawa	Centum Vp Software	<= 5.03.20
Yokogawa	Centum Vp Software	4.03.00
Yokogawa	Centum Vp	All versions
Yokogawa	B\/M9000 Vp Software	<= 7.03.01
Yokogawa	B\/M9000 Vp	All versions
Yokogawa	Centum Cs 3000 Software	<= 2.23.00
Yokogawa	Centum Cs 3000	All versions
Yokogawa	Centum Cs 1000 Software	All versions
Yokogawa	Centum Cs 1000	All versions
Yokogawa	Centum Cs 3000 Entry Class Software	<= 3.09.50
Yokogawa	Centum Cs 3000 Entry Class	All versions

References

http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01Third Party Advisory, US Government Resource
http://osvdb.org/show/osvdb/108756
http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.htmlExploit
http://www.exploit-db.com/exploits/34009
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdfVendor Advisory
http://ics-cert.us-cert.gov/advisories/ICSA-14-189-01Third Party Advisory, US Government Resource
http://osvdb.org/show/osvdb/108756
http://packetstormsecurity.com/files/127382/Yokogawa-CS3000-BKFSim_vhfd.exe-Buffer-Overflow.htmlExploit
http://www.exploit-db.com/exploits/34009
http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0002E.pdfVendor Advisory

Timeline

Published: Jul 10, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-3888?

How severe is CVE-2014-3888?

Severity scoring for CVE-2014-3888 is pending analysis. The EPSS model estimates a 62.31% probability of exploitation in the next 30 days.

How do I fix CVE-2014-3888?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3888?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST