CVE-2014-0781
published 2014-03-14

Priority: P268 (critical)
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 25.36% (97.7th percentile)

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

Affected

13 ranges

Vendor    Product         Version range  Fixed in
yokogawa  centum_cs_3000  < R3.09.50     R3.09.50
yokogawa  centum_cs_3000  <= r3.09.50
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000
yokogawa  centum_cs_3000

Detection & IOCs (extracted from sources)

Port: 52302/UDP
  • Monitor for crafted UDP packets sent to port 52302 targeting BKCLogSvr.exe; the vulnerability is triggered by a specially crafted sequence of packets with an unexpectedly long 'level' field in log packets.
  • Detect BKCLogSvr.exe process crashes or unexpected termination, which may indicate heap-based buffer overflow exploitation attempts via UDP/52302.
  • A public Metasploit auxiliary module exists for this vulnerability (DoS); monitor for exploitation attempts from low-skill attackers given the low difficulty rating.
  • BKCLogSvr.exe listens on UDP/52302 by default and starts automatically with the system; this port must be blocked at the network perimeter to prevent remote exploitation.
  • The Metasploit module was tested on Yokogawa CENTUM CS 3000 R3.08.50; affected versions are R3.09.50 and earlier.