CVE-2014-0781

Yokogawa CENTUM CS 3000 < R3.09.50 - Remote Code Execution via Crafted UDP Packets


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-0781. PoCs published by juan vazquez, including Metasploit module auxiliary/dos/scada/yokogawa_logsvr.

AI-analyzed exploit summary: This Metasploit module exploits a heap buffer overflow in Yokogawa CENTUM CS 3000's BKCLogSvr.exe via malformed UDP log packets, causing a Denial of Service (DoS). It sends two consecutive packets with an oversized level field to trigger the vulnerability.

Description

Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

Exploits (1)

metasploit WORKING POC
by juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/scada/yokogawa_logsvr.rb

Classification: Working PoC (100%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Yokogawa CENTUM CS 3000 R3.08.50
No auth needed
Prerequisites: Network access to UDP port 52302
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.2536
EPSS Percentile: 97.7%

Details

CWE: CWE-119, CWE-122
Status: published
Products (13)
Yokogawa/CENTUM CS 3000 < R3.09.50
yokogawa/centum_cs_3000 r3.01
yokogawa/centum_cs_3000 r3.02
yokogawa/centum_cs_3000 r3.03
yokogawa/centum_cs_3000 r3.04
yokogawa/centum_cs_3000 r3.05
yokogawa/centum_cs_3000 r3.06
yokogawa/centum_cs_3000 r3.07
yokogawa/centum_cs_3000 r3.08
yokogawa/centum_cs_3000 r3.08.50
... and 3 more
Published: Mar 14, 2014
Tracked Since: Feb 18, 2026