CVE-2014-5208
Published 2014-12-22
Priority: P2 · 60 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 23.12% (97.5th percentile)
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbitrary files via a STOR operation, or obtain sensitive database-location information via a PMODE operation, a different vulnerability than CVE-2014-0784.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_cs_3000 | — | — |
| yokogawa | centum_vp | <= r4.03.00 | — |
| yokogawa | centum_vp | — | — |
| yokogawa | centum_vp | — | — |
| yokogawa | centum_vp | — | — |
| yokogawa | centum_vp | — | — |
| yokogawa | exaopc | <= 3.71.10 | — |
Detection & IOCs
- Monitor for unauthenticated TCP connections to port 20111 targeting BKBCopyD.exe; any external or unexpected source connecting to this port should be treated as suspicious.
- Detect use of PMODE, RETR, and STOR operations against port 20111/TCP as indicators of active exploitation: PMODE leaks DB location, RETR reads files, STOR writes files.
- A public Metasploit auxiliary module (yokogawa_bkbcopyd_client.rb) exists for this vulnerability; alert on Metasploit-characteristic network patterns targeting port 20111/TCP.
- Block port 20111/TCP traffic to Exaopc installations entirely, as Exaopc has no legitimate need to expose this service.
- This is a distinct vulnerability from CVE-2014-0784, which also affects BKBCopyD.exe; both must be addressed independently.
GHSA
GHSA-52h8-fmg8-32xq: BKBCopyD (CVE-2014-5208, HIGH, CWE-284)
ghsa_unreviewed · 2022-05-17 · CVSS 8.3
CISA ICS
Yokogawa CENTUM and Exaopc Vulnerability (Update A)
cisa_ics·2014-09-17
Last Revised: September 05, 2018
Alert Code: ICSA-14-260-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-14-260-01 Yokogawa CENTUM and Exaopc Vulnerability that was published September 17, 2014, on the NCCIC/ICS-CERT web site.
Tod Beardsley of Rapid7 Inc. and Jim Denaro of CipherLaw have identified an authentication vulnerability and released proof-of-concept (exploit) code for the Yokogawa CENTUM CS 3000 series and Exaopc products. JPCERT and Yokogawa have mitigated this vulnerability.
T
References
- http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0003E.pdf
- https://community.rapid7.com/community/metasploit/blog/2014/08/09/r7-2014-10-disclosure-yokogawa-centum-cs3000-bkbcopydexe-file-system-access
- https://ics-cert.us-cert.gov/advisories/ICSA-14-260-01A
Published: 2014-12-22