CVE-2015-5628

Description

Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet.

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
CVSS 2.0 •
EPSS 5.75% Top 15%
Third-Party Advisory us-cert.gov
Affected: Yokogawa CENTUM CS 1000
Affected: Yokogawa CENTUM CS 3000
Affected: Yokogawa CENTUM CS 3000 Entry
Affected: Yokogawa CENTUM VP
Affected: Yokogawa CENTUM VP Entry
Affected: Yokogawa ProSafe-RS
Affected: Yokogawa Exaopc
Affected: Yokogawa Exaquantum
Affected: Yokogawa Exaquantum/Batch
Affected: Yokogawa Exapilot
Affected: Yokogawa Exaplog
Affected: Yokogawa Exasmoc
Affected: Yokogawa Exarqe
Affected: Yokogawa Field Wireless Device OPC Server
Affected: Yokogawa PRM
Affected: Yokogawa STARDOM VDS
Affected: Yokogawa STARDOM OPC Server for Windows
Affected: Yokogawa FAST/TOOLS
Affected: Yokogawa B/M9000CS
Affected: Yokogawa B/M9000 VP
Affected: Yokogawa FieldMate
Published at:
Updated at:

References

Link Tags
https://ics-cert.us-cert.gov/advisories/ICSA-15-253-01 us government resource third party advisory mitigation
http://www.yokogawa.com/dcs/security/ysar/YSAR-15-0003E.pdf not applicable

Frequently Asked Questions

What is the severity of CVE-2015-5628?
CVE-2015-5628 has been scored as a critical severity vulnerability.
How to fix CVE-2015-5628?
To fix CVE-2015-5628, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2015-5628 being actively exploited in the wild?
It is possible that CVE-2015-5628 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~6% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2015-5628?
CVE-2015-5628 affects Yokogawa CENTUM CS 1000, Yokogawa CENTUM CS 3000, Yokogawa CENTUM CS 3000 Entry, Yokogawa CENTUM VP, Yokogawa CENTUM VP Entry, Yokogawa ProSafe-RS, Yokogawa Exaopc, Yokogawa Exaquantum, Yokogawa Exaquantum/Batch, Yokogawa Exapilot, Yokogawa Exaplog, Yokogawa Exasmoc, Yokogawa Exarqe, Yokogawa Field Wireless Device OPC Server, Yokogawa PRM, Yokogawa STARDOM VDS, Yokogawa STARDOM OPC Server for Windows, Yokogawa FAST/TOOLS, Yokogawa B/M9000CS, Yokogawa B/M9000 VP, Yokogawa FieldMate.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.