ICSA-18-102-01
·
Published 2018-04-12
·
View on CISA ICS-CERT ↗
Yokogawa CENTUM and Exaopc
CVSS 6.5
MEDIUM
Risk Summary
Successful exploitation of this vulnerability could allow a local attacker to generate false system or process alarms, or block system or process alarm displays.
CVEs (1)
Remediations
- CENTUM CS 1000, CENTUM CS 3000, CENTUM CS 3000 Small - No updates will be provided as these products are at end of support. Yokogawa recommends that affected users upgrade to the latest CENTUM VP.
- CENTUM VP, CENTUM VP Small, CENTUM VP BASIC - affected users should update to version R5.04.B2 or R6.04.00.
- Exaopc - affected users should update to version R3.76.00
- B/M9000CS - The vulnerability does not exist in this product however, the existence of affected software on the same PC may affect alarms for this device.
- B/M9000 VP - The vulnerability does not exist in this product however, the existence of affected software on the same PC may affect alarms for this device.
- Please see Yokogawa Security Advisory Report YSAR-18-0001
Affected Vendors
Yokogawa
Affected Products (9)
Yokogawa
·
B/M9000 CS
vers:all/*
Yokogawa
·
CENTUM VP Basic
<= R6.03.10
Yokogawa
·
CENTUM CS 1000
vers:all/*
Yokogawa
·
CENTUM CS 3000
<= R3.09.50
Yokogawa
·
Exaopc
<= R3.75.00
Yokogawa
·
CENTUM VP Small
<= R6.03.10
Yokogawa
·
CENTUM CS 3000
<= R3.09.50
Yokogawa
·
CENTUM VP
<= R6.03.10
Yokogawa
·
B/M9000 VP
<= R8.01.01
Affected Sectors
Critical Manufacturing, Energy, Food and Agriculture
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more