ICSA-15-253-01  ·  Published 2025-06-06

Yokogawa Multiple Products Buffer Overflow Vulnerabilities

CVSS 9.8 CRITICAL

Remediations

  • Yokogawa has released product revisions for multiple affected products that remediate the identified vulnerabilities. Yokogawa’s Security Advisory Report YSAR-15-0003, “Vulnerabilities of Communication Functions in CENTUM and other YOKOGAWA products”, is available at the following URL: http://www.yokogawa.com/dcs/security/ysar/dcs-ysar-index-en.htm
  • For additional information about the vulnerabilities and to obtain Yokogawa’s product revisions, contact Yokogawa via its Security web site at: https://plus.yokogawa.co.jp/gw/gw.po?c-id=000498
  • Yokogawa recommends the following actions to minimize the risk associated with these vulnerabilities: place a properly configured firewall between the external network and the control system network to prevent external communication with the affected devices, and prevent unapproved devices from being connected to the network where vulnerable products are connected.

Affected Vendors

Yokogawa

Affected Products (21)

Yokogawa · CENTUM CS 1000 <=R3.08.70
Yokogawa · CENTUM CS 3000 <=R3.09.50
Yokogawa · CENTUM CS 3000 Entry <=R3.09.50
Yokogawa · CENTUM VP <=R5.04.20
Yokogawa · CENTUM VP Entry <=R5.04.20
Yokogawa · ProSafe-RS <=R3.02.10
Yokogawa · Exaopc <=R3.72.00
Yokogawa · Exaquantum <=R2.85.00
Yokogawa · Exaquantum/Batch <=R2.50.30
Yokogawa · Exapilot <=R3.96.10
Yokogawa · Exaplog <=R3.40.00
Yokogawa · Exasmoc <=R4.03.20
Yokogawa · Exarqe <=R4.03.20
Yokogawa · Field Wireless Device OPC Server <=R2.01.02
Yokogawa · PRM <=R3.12.00
Yokogawa · STARDOM VDS <=R7.30.01
Yokogawa · STARDOM OPC Server for Windows <=R3.40
Yokogawa · FAST/TOOLS <=R10.01
Yokogawa · B/M9000CS <=R5.05.01
Yokogawa · B/M9000 VP <=R7.03.04
Yokogawa · FieldMate R1.01|R1.02
