Summary
Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code.
The following versions of Yokogawa CENTUM VP R6, R7 are affected:
- Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)
- Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300) <=R1.07.00 (CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.9 | Yokogawa | Yokogawa CENTUM VP R6, R7 | Out-of-bounds Write, Reachable Assertion, Integer Underflow (Wrap or Wraparound), Improper Handling of Length Parameter Inconsistency |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Japan
Vulnerabilities
CVE-2025-1924
If the affected product receives maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.
Affected Products
- Product: Yokogawa CENTUM VP R6, R7
- Vendor: Yokogawa
- Product Version: Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): <=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): <=R1.07.00
- Product Status: known_affected
Remediations
- Mitigation: Yokogawa recommends users apply patch software (R1.08.00).
- Mitigation: Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498
- Mitigation: For more information and details on implementing these mitigations, users should see the Yokogawa advisory YSAR-26-0002 at https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf
Relevant CWE: CWE-787 Out-of-bounds Write
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.9 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H |
CVE-2025-48019
If the affected product receives maliciously crafted packets, the Vnet/IP software stack process may be terminated.
Affected Products
- Product: Yokogawa CENTUM VP R6, R7
- Vendor: Yokogawa
- Product Version: Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): <=R1.07.00, Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): <=R1.07.00
- Product Status: known_affected
Remediations
- Mitigation: Yokogawa recommends users apply patch software (R1.08.00).
- Mitigation: Yokogawa recommends users contact a local supporting office for further information or support. https://contact.yokogawa.com/cs/gw?c-id=000498
- Mitigation: For more information and details on implementi
[…]