Yokogawa CENTUM and Exaopc Vulnerability (Update A)
Low Risk · ICS-CERT ICSA-14-260-01A · Jun 20, 2014
Summary
Yokogawa CENTUM and Exaopc systems contain an improper authentication vulnerability (CWE-287) that could allow an attacker with network access to bypass authentication controls. Affected versions include all CENTUM series with Batch Management Packages, CENTUM CS 3000 versions through R3.09.50, CENTUM VP versions through R5.04.00, and Exaopc versions through R3.72.10. No vendor patch is currently available for any affected product.
What this means
What could happen
An attacker with network access could bypass authentication controls on Yokogawa CENTUM or Exaopc systems, potentially allowing unauthorized access to critical process control functions. This could enable modification of control setpoints, process parameters, or operational commands on manufacturing or utility systems.
Who's at risk
Water authorities and electric utilities using Yokogawa CENTUM distributed control systems (DCS) or Exaopc operator interface software are affected. This includes facilities running any version of CENTUM with Batch Management Packages, CENTUM CS 3000 (standard or Entry Class), CENTUM VP (standard or Entry Class), and any version of Exaopc up to R3.72.10. CENTUM systems are commonly used to monitor and control process flows, chemical dosing, power distribution, and other critical operational functions.
How it could be exploited
An attacker on the network could send specially crafted requests to the CENTUM or Exaopc system that bypass or circumvent the authentication mechanism (CWE-287: Improper Authentication). Once past the authentication check, the attacker could interact with the process control interface to modify operations without providing valid credentials.
Prerequisites
- Network access to the CENTUM or Exaopc system on the control network
- The authentication weakness must be present in the specific installed version
No authentication required · Remotely exploitable · No patch available · Affects control systems
Exploitability
Moderate exploit probability (EPSS 8.5%)
Affected products (7)
4 pending · 3 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| CENTUM series with the Batch Management Packages installed: vers:all/* | All versions | No fix yet |
| CENTUM: <=VP_R4.03.00_R5.04.00 | ≤ VP R4.03.00 R5.04.00 | No fix yet |
| CENTUM: <=VP_Entry_Class_R4.03.00 | ≤ VP Entry Class R4.03.00 | No fix yet |
| CENTUM: <=VP_Entry_Class:_R5.04.00 | ≤ VP Entry Class: R5.04.00 | No fix yet |
| CENTUM CS 3000: <=R3.09.50 | ≤ R3.09.50 | No fix (EOL) |
| Exaopc: <=R3.72.10 | ≤ R3.72.10 | No fix (EOL) |
| CENTUM CS 3000 Entry Class: <=R3.09.50 | ≤ R3.09.50 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation and firewall rules to restrict access to CENTUM and Exaopc systems to authorized engineering workstations and control networks only
- HARDENING: Implement strong network access controls such as VPN or jump servers to limit direct connectivity to CENTUM and Exaopc systems from untrusted networks
Mitigations - no patch available
The following products have reached End of Life with no planned fix: CENTUM CS 3000: <=R3.09.50, Exaopc: <=R3.72.10, CENTUM CS 3000 Entry Class: <=R3.09.50. Apply the following compensating controls:
- HARDENING: Monitor network traffic to and from CENTUM and Exaopc systems for suspicious authentication attempts or unauthorized access patterns
- HARDENING: Maintain updated inventory of all CENTUM and Exaopc deployments and their specific versions to track exposure
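
One way to act on the inventory item above is to check each recorded deployment against the affected ranges in this advisory. The sketch below is an added example, not vendor or ICS-CERT tooling; the inventory field names (`host`, `product`, `revision`, `batch_packages`), the hostnames and the sample records are assumptions, and CENTUM VP uses the summary's upper bound of R5.04.00.

```python
import re

# Upper bounds of the affected ranges and fix status, taken from this advisory.
# Revisions are compared as (major, minor, patch) tuples.
AFFECTED = {
    "CENTUM CS 3000": ((3, 9, 50), "No fix (EOL)"),
    "CENTUM CS 3000 Entry Class": ((3, 9, 50), "No fix (EOL)"),
    "CENTUM VP": ((5, 4, 0), "No fix yet"),
    "CENTUM VP Entry Class": ((5, 4, 0), "No fix yet"),
    "Exaopc": ((3, 72, 10), "No fix (EOL)"),
}
REVISION = re.compile(r"R(\d+)\.(\d+)\.(\d+)")


def parse_revision(text):
    """Turn 'R3.09.50' into (3, 9, 50); return None if it is not a revision."""
    match = REVISION.fullmatch(text.strip().upper())
    return tuple(int(part) for part in match.groups()) if match else None


def assess(asset):
    """Classify one inventory record (hypothetical schema) against the ranges."""
    product = asset["product"]
    # Every CENTUM version is listed as affected when the Batch Management
    # Packages are installed, so the revision does not matter in that case.
    if product.startswith("CENTUM") and asset.get("batch_packages"):
        return "affected", "No fix yet"
    if product not in AFFECTED:
        return "not listed", None
    ceiling, status = AFFECTED[product]
    revision = parse_revision(asset.get("revision", ""))
    if revision is None:
        # An unreadable revision is an inventory gap, not a clean result.
        return "verify manually", status
    return ("affected", status) if revision <= ceiling else ("above listed range", None)


# Constructed sample inventory; hostnames and revisions are illustrative.
INVENTORY = [
    {"host": "dcs-hmi-01", "product": "CENTUM VP", "revision": "R5.03.20"},
    {"host": "dcs-hmi-02", "product": "CENTUM VP", "revision": "R6.01.00", "batch_packages": True},
    {"host": "opc-gw-01", "product": "Exaopc", "revision": "R3.72.10"},
    {"host": "opc-gw-02", "product": "Exaopc", "revision": "R3.73.00"},
    {"host": "dcs-eng-01", "product": "CENTUM CS 3000", "revision": "3.9"},
]

if __name__ == "__main__":
    for asset in INVENTORY:
        print(asset["host"], *assess(asset))
```

Records that come back as "verify manually" should be treated as open exposure until the installed revision is confirmed on the system itself.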
CVEs (1)