← Back to home
ICSA-19-029-01  ·  Published 2019-01-29  ·  View on CISA ICS-CERT ↗

Yokogawa License Manager Service

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to remotely upload files, allowing execution of arbitrary code.

CVEs (1)

Remediations

  • Yokogawa recommends users of affected devices and versions update to the latest available release. Details about the products, affected revisions, and suggested mitigations are available in the Yokogawa Security Advisory Report “YSAR-198-0001: Vulnerability of access control in License Manager Service of Yokogawa products.” This advisory can be found at the following location:https://web-material3.yokogawa.com/1/20653/files/YSAR-19-0001-E.pdfFor questions related to this report and details regarding how to update to the newest revision, please visit the Yokogawa security website (registration required): https://contact.yokogawa.com/cs/gw?c-id=000498

Affected Vendors

Yokogawa

Affected Products (5)

Yokogawa · CENTUM VP >= R5.01.00 | <= R6.06.00
Yokogawa · CENTUM VP Entry Class >= R5.01.00 | <= R6.06.00
Yokogawa · B/M9000 VP >= R7.01.01 | <= R8.02.03
Yokogawa · ProSafe-RS >= R3.01.00 | <= R4.04.00
Yokogawa · PRM >= R4.01.00 | <= R4.02.00

Affected Sectors

Critical Manufacturing, Energy, Food and Agriculture

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more