CVE-2014-0783

Yokogawa CENTUM CS 3000 < R3.09.50 - Remote Code Execution via Crafted TCP Packet


Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-0783. PoCs published by Metasploit, juan vazquez, including Metasploit module exploits/windows/scada/yokogawa_bkhodeq_bof.

AI-analyzed exploit summary: This Metasploit module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000's BKHOdeq.exe service via a crafted packet, achieving remote code execution. It uses SEH overwrites, ROP chains, and a stack pivot to execute payloads.

Description

Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/32209

This Metasploit module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000's BKHOdeq.exe service via a crafted packet, achieving remote code execution. It uses SEH overwrites, ROP chains, and a stack pivot to execute payloads.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Yokogawa CENTUM CS 3000 R3.08.50
No auth needed
Prerequisites: Network access to port 20171 · Target running vulnerable Yokogawa CENTUM CS 3000 version
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by juan vazquez · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/yokogawa_bkhodeq_bof.rb

This Metasploit module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000's BKHOdeq.exe service via a crafted packet sent to port 20171. It leverages SEH overwrites and a ROP chain to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Yokogawa CENTUM CS 3000 R3.08.50
No auth needed
Prerequisites: Network access to target port 20171 · Vulnerable version of Yokogawa CENTUM CS 3000
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-14-070-01
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/66111
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-070-01a
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66130

Scores

EPSS 0.6836
EPSS Percentile 99.2%

Details

CWE: CWE-119, CWE-121
Status: published
Products (13)
Yokogawa/CENTUM CS 3000 < R3.09.50
yokogawa/centum_cs_3000 r3.01
yokogawa/centum_cs_3000 r3.02
yokogawa/centum_cs_3000 r3.03
yokogawa/centum_cs_3000 r3.04
yokogawa/centum_cs_3000 r3.05
yokogawa/centum_cs_3000 r3.06
yokogawa/centum_cs_3000 r3.07
yokogawa/centum_cs_3000 r3.08
yokogawa/centum_cs_3000 r3.08.50
... and 3 more
Published Mar 14, 2014
Tracked Since Feb 18, 2026