OTPulse

Yokogawa Multiple Products Vulnerabilities

Act Now | ICS-CERT ICSA-14-133-01 | Feb 13, 2014
Summary

Multiple Yokogawa products contain buffer overflow vulnerabilities (CWE-122, CWE-121) affecting engineering workstations and data servers. The affected products include Exasmoc, Exarqe, AAASuite, PRM, STARDOM FCN/FCJ OPC Server, Field Wireless Device OPC Server, DAQOPC, FieldMate, EJXMVTool, RPO Production Supervisor VP, CENTUM Long-term Trend Historian, CENTUM Event Viewer Package, CENTUM CS 1000, CENTUM CS 3000 Entry Class, CENTUM VP, CENTUM VP Entry Class, Exaopc, B/M9000CS, B/M9000 VP, ProSafe-RS, Exapilot, Exaplog, and Exaquantum. No patches are available from the vendor for any of the affected products.

What this means
What could happen
Buffer overflow vulnerabilities in Yokogawa engineering workstations and data servers could allow an attacker with local or network access to execute arbitrary code, potentially compromising process configuration, alarms, and plant automation. These products serve as intermediaries between control systems and enterprise networks, making compromise a pathway to affect connected PLCs and safety-critical operations.
Who's at risk
Manufacturing facilities using Yokogawa automation platforms are affected, particularly those relying on engineering workstations (FieldMate, EJXMVTool), data collection and reporting servers (Exaquantum, DAQOPC, Exaplog), control system supervisors (CENTUM VP, CENTUM CS series, B/M9000 series), and safety-related historians (CENTUM Long-term Trend Historian, CENTUM Event Viewer Package). Facilities operating equipment in pharmaceutical, food and beverage, oil and gas, chemical processing, and power generation should assess exposure.
How it could be exploited
An attacker could exploit buffer overflow conditions in memory-handling code by sending specially crafted input (such as oversized commands or malformed data packets) to the affected Yokogawa software running on engineering workstations or data servers. If the application processes this input without proper bounds checking, memory corruption could occur, allowing code execution with the privileges of the software process.
Prerequisites
  • Local or network access to the affected Yokogawa software
  • Ability to send crafted input to the vulnerable application (file upload, network message, or process data)
  • Software running with insufficient memory protections (DEP/ASLR not enabled or bypassed)
Risk factors
  • No patches available from vendor
  • Affects multiple critical products across automation stack
  • Medium exploit probability (EPSS 39.8%)
  • Buffer overflow vulnerabilities in memory-handling code
  • Engineering workstations often less hardened than control devices
  • OPC servers frequently exposed to enterprise network
  • Potential pathway to affect connected control systems
Exploitability
High exploit probability (EPSS 39.8%)
Affected products (23)
23 pending
Product | Affected Versions | Fix Status
Exasmoc | ≤ R4.03.20 | No fix yet
Exarqe | ≤ R4.03.20 | No fix yet
AAASuite | ≤ R1.20.13 | No fix yet
PRM | ≤ R3.11.20 | No fix yet
STARDOM FCN/FCJ OPC Server for Windows | ≤ R3.40.01 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation to isolate Yokogawa engineering workstations and OPC servers from direct internet access and untrusted networks
  • HARDENING: Restrict local access to Yokogawa engineering workstations to authorized personnel only; disable remote login and RDP access where not required
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Enable and verify Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are active on all systems running affected Yokogawa products
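
One way to do the "verify" part of this item at the binary level, as an added example that is not from the advisory or from Yokogawa: it reads the DllCharacteristics field of a PE header to see whether an image opts in to ASLR and DEP. The function names and the header-only samples built by make_sample are constructed for illustration.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with a larger address range
DYNAMIC_BASE = 0x0040     # image opts in to ASLR (/DYNAMICBASE)
NX_COMPAT = 0x0100        # image opts in to DEP (/NXCOMPAT)


def pe_mitigations(data: bytes) -> dict:
    """Read the ASLR/DEP opt-in flags from the raw bytes of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # skip 4-byte signature and 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 72:
        raise ValueError("bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {"pe32plus": magic == 0x20B,
            "aslr": bool(flags & DYNAMIC_BASE),
            "dep": bool(flags & NX_COMPAT),
            "high_entropy_aslr": bool(flags & HIGH_ENTROPY_VA)}


def audit(images: dict) -> dict:
    """Map each image name to the findings that need follow-up."""
    findings = {}
    for name, data in images.items():
        try:
            m = pe_mitigations(data)
        except ValueError as exc:
            findings[name] = ["unparsed: %s" % exc]
            continue
        missing = [k for k in ("aslr", "dep") if not m[k]]
        if missing:
            findings[name] = ["no " + k.upper() + " opt-in" for k in missing]
    return findings


def make_sample(magic: int, flags: int) -> bytes:
    """Constructed header-only sample (not a loadable binary)."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, flags)
    return bytes(buf)
```

To use it on a real host, pass audit a mapping of file name to the bytes of each .exe and .dll in the product's install directory. The header flags show only what each image opts in to, so the system-wide DEP policy still has to be checked separately.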
Long-term hardening
  • HARDENING: Monitor and log all network traffic to and from OPC servers; alert on unusual input or oversized packets destined to Yokogawa processes
  • HARDENING: Evaluate alternative vendor solutions or upgrade paths for affected products to vendors that provide security updates; document business case for transition away from end-of-life Yokogawa products