cbcvebase.
CVE-2014-5208
published 2014-12-22

CVE-2014-5208: BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc…

PriorityP260high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
23.12%
97.5th percentile
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.

Affected

18 ranges
VendorProductVersion rangeFixed in
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_cs_3000
yokogawacentum_vp<= r4.03.00
yokogawacentum_vp
yokogawacentum_vp
yokogawacentum_vp
yokogawacentum_vp
yokogawaexaopc<= 3.71.10

Detection & IOCsextracted from sources · hover to see the quote

filenameBKBCopyD.exe
commandRETR
commandSTOR
commandPMODE
  • Monitor for unauthenticated TCP connections to port 20111 targeting BKBCopyD.exe; any external or unexpected source connecting to this port should be treated as suspicious.
  • Detect use of PMODE, RETR, and STOR operations against port 20111/TCP as indicators of active exploitation — PMODE leaks DB location, RETR reads files, STOR writes files.
  • A public Metasploit auxiliary module (yokogawa_bkbcopyd_client.rb) exists for this vulnerability; alert on Metasploit-characteristic network patterns targeting port 20111/TCP.
  • Block port 20111/TCP traffic to Exaopc installations entirely, as Exaopc has no legitimate need to expose this service.
  • ·This is a distinct vulnerability from CVE-2014-0784, which also affects BKBCopyD.exe; both must be addressed independently.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.