Yokogawa CENTUM VP R6, R7

Summary

Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code.

The following versions of Yokogawa CENTUM VP R6, R7 are affected:

  • Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)
  • Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)

CVSS: v3 6.9
Vendor: Yokogawa
Equipment: Yokogawa CENTUM VP R6, R7
Vulnerabilities: Out-of-bounds Write, Reachable Assertion, Integer Underflow (Wrap or Wraparound), Improper Handling of Length Parameter Inconsistency

Background

  • Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
  • Countries/Areas Deployed: Worldwide
  • Company Headquarters Location: Japan

Vulnerabilities

CVE-2025-1924

If the affected product receives maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.

Affected Products

Yokogawa CENTUM VP R6, R7
Vendor: Yokogawa
Product Version: Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): <=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): <=R1.07.00
Product Status: known_affected
Remediations

Mitigation
Yokogawa recommends users apply patch software (R1.08.00).

Mitigation
Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498

Mitigation
For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf

Relevant CWE: CWE-787 Out-of-bounds Write


Metrics

CVSS Version: 3.1
Base Score: 6.9
Base Severity: MEDIUM
Vector String: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H

CVE-2025-48019

If the affected product receives maliciously crafted packets, the Vnet/IP software stack process may be terminated.

Affected Products

Yokogawa CENTUM VP R6, R7
Vendor: Yokogawa
Product Version: Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): <=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): <=R1.07.00
Product Status: known_affected
Remediations

Mitigation
Yokogawa recommends users apply patch software (R1.08.00).

Mitigation
Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498

Mitigation
For more information and details on implementi

This article has been indexed from All CISA Advisories
