CVE-2014-0781
published 2014-03-14
Priority: P268 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 25.36% (97.7th percentile)
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | centum_cs_3000 | < R3.09.50 | R3.09.50 |
| yokogawa | centum_cs_3000 | <= r3.09.50 | — |
| yokogawa | centum_cs_3000 | — | — |
Detection & IOCs
- Monitor for crafted UDP packets sent to port 52302 targeting BKCLogSvr.exe; the vulnerability is triggered by a specially crafted sequence of packets with an unexpectedly long 'level' field in log packets.
- Detect BKCLogSvr.exe process crashes or unexpected termination, which may indicate heap-based buffer overflow exploitation attempts via UDP/52302.
- A public Metasploit auxiliary module exists for this vulnerability (DoS); monitor for exploitation attempts from low-skill attackers given the low difficulty rating.
- BKCLogSvr.exe listens on UDP/52302 by default and starts automatically with the system; this port must be blocked at the network perimeter to prevent remote exploitation.
- The Metasploit module was tested on Yokogawa CENTUM CS 3000 R3.08.50; affected versions are R3.09.50 and earlier.
CISA ICS
Yokogawa Multiple Products Vulnerabilities
cisa_ics · 2018-09-06
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-14-133-01
## OVERVIEW
Yokogawa reports that several buffer overflow vulnerabilities affect several of its products. Juan Vazquez of Rapid7 Inc. (http://www.rapid7.com, web site last accessed May 13, 2014) and independent researcher Julian Vilas Diaz reported to CERT/CC that they identified several vulnerabilities for the Yokogawa CENTUM CS 3000 application. In the investigation of this report, Yokogawa found other products that could also be affected. Please see the affected prod
CISA ICS
Yokogawa CENTUM CS 3000 Vulnerabilities (Update A)
cisa_ics · 2014-03-11
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: September 06, 2018
Alert Code: ICSA-14-070-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-14-070-01 Yokogawa CENTUM CS 3000 Vulnerabilities that was published March 11, 2014, on the NCCIC/ICS-CERT web site.
Juan Vazquez of Rapid7 Inc. (http://www.rapid7.com, web site last accessed March 11, 2014) and independent researcher Julian Vilas Diaz have identified several buffer overflow vulnerabilities and released proof-of-concept (exploit) code for the Yokogawa CENTUM
GHSA
GHSA-m7xh-cr6w-qjx3: Heap-based buffer overflow in BKCLogSvr
ghsa_unreviewed·2022-05-17
CVE-2014-0781 [HIGH] CWE-119 GHSA-m7xh-cr6w-qjx3: Heap-based buffer overflow in BKCLogSvr
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
No detection rules found.
- http://www.securityfocus.com/bid/66130
- http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm
- https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
- http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01