Yokogawa CENTUM and ProSafe-RS

Risk Summary

Successful exploitation of these vulnerabilities may allow leakage/tampering of data, cause a denial-of-service condition, or allow a local attacker to execute arbitrary programs.

CVEs (5)

Remediations

• Users of CENTUM Versions R6.01.10 through R6.09.00: Update to R6.09.00 and apply patch software (R6.09.04). In an environment where the AD server and Plant Resource Manager (PRM) are linked, there are some precautions to be taken when applying patch software (R6.09.04). Please be sure to check R6.09.04 install manual for details before applying R6.09.04
• Users of CENTUM Versions R4.01.00 though R4.03.00: No patch software will be available because these products are no longer supported by the vendor.
• B/M9000 VP: This product is not affected by these vulnerabilities. However, this product is affected by the existence of CENTUM installed on the same PC. If CENTUM is installed, perform update, and update B/M9000 to suitable revision.
• Users of Prosafe-RS: Update to R4.07.02 or later
• The environment where both CENTUM VP and ProSafe-RS are installed.
• The environment where CENTUM VP's AD server and PRM are linked.
• The environment where ProSafe-RS's AD server and PRM are linked.
• Contact Yokogawa support for more mitigation information.
• For more information see Yokogawa security advisory report: YSAR-22-0004

Affected Vendors

Affected Products (6)

Affected Sectors

Critical Manufacturing, Energy, Food and Agriculture