Skip to main content
Security Advisory

Yokogawa Centum VP DCS HIS

  • Maintain backups of all project files.
  • Use a redundant HIS.
  • Monitor the HIS for remote access to the RootCommand.pipe and BKH_LTREND_SAVEFILE pipes. Dragos believes these pipes are intended for local use only.
  • Monitor Windows event logs for SMB authentication that utilize the hard-coded Windows credentials. These credentials should never be used by non-Yokogawa systems.
  • Dragos Platform customers should ensure Knowledge Pack KP-2021-02 or newer is installed.

Risk Information

affected product:

Yokogawa Centum VP R6.07 Other versions may be affected

Limited Threat

CVE ID

N/A

ID

N/A

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/A

CVSSV3 vector

N/A

Affecting

  • Yokogawa Centum VP R6.07 Other versions may be affected
  • Vulnerability Type

    Use of Hard-coded Credentials

    Improper Neutralization of Special Elements used in an OS Command

    Directory Traversal

    DLL Hijacking

    Stack-based Buffer Overflow

    Disclosure Timeline

    03/16/2021 - Dragos discloses issue