← Back to home
ICSA-18-233-01  ·  Published 2018-08-21  ·  View on CISA ICS-CERT ↗

Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows

CVSS 8.6 HIGH

Risk Summary

Successful exploitation of this vulnerability may allow arbitrary code execution, or the stopping of the license management function.

CVEs (1)

Remediations

  • Yokogawa recommends users to update to the latest versions or apply the patch:ASTPLANNER: Update to R15.02.01 or contact support for the patch
  • iDefine for ProSafe-RS: Update to R1.16.4,
  • STARDOM: Update to VDS R8.10 or contact support for the patch, and
  • TriFellows: Update to Version 5.10 or contact support for the patch.
  • iDefine for ProSafe-RS and STARDOM users: https://contact.yokogawa.com/cs/gw?c-id=000498
  • ASTPLANNER and TriFellows users: https://contact.yokogawa.com/cs/gw?c-id=000497
  • When Yokogawa service personnel perform system upgrade or install patches, those charges are borne by the user. Please contact support in the following section for the countermeasures regarding the affected products. Yokogawa strongly suggests all users to introduce appropriate security measures not only for the vulnerability identified, but also to the overall systems.
  • Refer to Yokogawa's security notification YSAR-18-0006 for more information

Affected Vendors

Yokogawa

Affected Products (4)

Yokogawa · TriFellows <= 5.04
Yokogawa · STARDOM <=VDS R7.50 | <=FCN/FCJ Simulator R4.20
Yokogawa · ASTPLANNER <= R15.01
Yokogawa · iDefine for ProSafe-RS <= R1.16.3

Affected Sectors

Critical Manufacturing, Energy, and Food and Agriculture

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more