CVE-2014-0782

Yokogawa CENTUM CS 1000/3000, VP, Exaopc, B/M9000CS/VP - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-0782. PoCs published by Metasploit, juan vazquez, including Metasploit module exploits/windows/scada/yokogawa_bkesimmgr_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Yokogawa CS3000's BKESimmgr.exe service via a crafted packet, leveraging a ROP chain to achieve remote code execution.

Description

Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/33331

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Yokogawa CS3000's BKESimmgr.exe service via a crafted packet, leveraging a ROP chain to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Yokogawa Centum CS3000 R3.08.50

No auth needed

Prerequisites: Network access to port 34205 · Target running vulnerable Yokogawa CS3000 version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/yokogawa_bkesimmgr_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Yokogawa CS3000's BKESimmgr.exe service via a crafted packet, leveraging a ROP chain to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Yokogawa Centum CS3000 R3.08.50

No auth needed

Prerequisites: Network access to target on port 34205

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

US Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-14-133-01

Vendor Advisory

http://www.yokogawa.com/dcs/security/ysar/YSAR-14-0001E.pdf

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/66130

Various Sources

http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm.

Third Party Advisory x_refsource_misc

https://community.rapid7.com/community/metasploit/blog/2014/03/10/yokogawa-centum-cs3000-vulnerabilities

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a

Scores

EPSS 0.5684

EPSS Percentile 98.9%

Details

CWE

CWE-119 CWE-121

Status published

Products (16)

yokogawa/b\/m9000_vp

yokogawa/b\/m9000_vp_software < 7.03.01

yokogawa/b\/m9000cs

yokogawa/b\/m9000cs_software < 5.05.01

Yokogawa/CENTUM CS 3000 < R3.09.50

yokogawa/centum_cs_1000

yokogawa/centum_cs_1000_software

yokogawa/centum_cs_3000

yokogawa/centum_cs_3000_entry_class

yokogawa/centum_cs_3000_entry_class_software < 3.09.50

... and 6 more

Published May 16, 2014

Tracked Since Feb 18, 2026