OTPulse
FeedAboutContact

Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows

Plan Patch8.6ICS-CERT ICSA-18-233-01Aug 21, 2018
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

A stack-based buffer overflow vulnerability (CWE-121) exists in Yokogawa iDefine for ProSafe-RS, STARDOM (VDS and FCN/FCJ Simulator), ASTPLANNER, and TriFellows. The vulnerability allows unauthenticated remote attackers to execute arbitrary code or disable the license management function. Successful exploitation may disrupt process automation and allow modification of control system configurations.

What this means
What could happen
An attacker who can reach these Yokogawa engineering and process management tools over the network could execute arbitrary code or disable license management, potentially disrupting automation functions and allowing unauthorized modification of control system configurations.
Who's at risk
This affects operators and engineers using Yokogawa's iDefine, STARDOM, ASTPLANNER, and TriFellows products—primarily used in process automation, safety-critical systems (ProSafe-RS), and control system engineering and monitoring. Any site running these older versions for engineering work, process simulation, or safety system management should be aware of this risk.
How it could be exploited
An attacker with network access to a system running one of these tools sends a specially crafted request that exploits a stack-based buffer overflow (CWE-121). The vulnerability allows the attacker to overwrite memory and execute arbitrary code with the privileges of the affected application.
Prerequisites
  • Network access to the affected application port (exact port depends on product configuration)
  • No credentials required to exploit the vulnerability
  • The vulnerable product version must be installed and running
remotely exploitableno authentication requiredlow complexityaffects engineering/critical toolsno patch available for all products
Exploitability
Moderate exploit probability (EPSS 4.0%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
iDefine for ProSafe-RS: R1.16.3 and prior≤ R1.16.3R1.16.4
ASTPLANNER: R15.01 and prior≤ R15.01R15.02.01
TriFellows:≤ 5.045.10
STARDOM: VDS R7.50 and prior and FCN/FCJ Simulator R4.20 and prior≤ VDS R7.50 | ≤ FCN/FCJ Simulator R4.20VDS R8.10
Remediation & Mitigation
0/7
Do now
0/1
HARDENINGRestrict network access to these engineering tools using firewall rules; block inbound connections from untrusted networks
Schedule — requires maintenance window
0/5

Patching may require device reboot — plan for process interruption

HOTFIXUpdate iDefine for ProSafe-RS to version R1.16.4 or later
HOTFIXUpdate ASTPLANNER to version R15.02.01 or later
HOTFIXUpdate STARDOM (VDS) to version R8.10 or later
HOTFIXUpdate TriFellows to version 5.10 or later
HARDENINGIf remote access to these tools is required, use a VPN with up-to-date security patches
Long-term hardening
0/1
HARDENINGIsolate engineering workstations and control system networks from the business network and Internet
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/7c739ac5-623e-4f88-b3bc-e58b027b7dca
Yokogawa iDefine, STARDOM, ASTPLANNER, and TriFellows | CVSS 8.6 - OTPulse