Yokogawa Products
Plan Patch8.4ICS-CERT ICSA-19-274-02Oct 1, 2019
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A vulnerability in Yokogawa Exaopc, Exaplog, Exaquantum, Exaquantum/Batch, GA10, InsightSuiteAE, Exasmoc, and Exarqe could allow local attackers to execute arbitrary code on systems running these products. The vulnerability is triggered by unsafe file handling and requires only local access to the affected system—no special privileges, credentials, or user interaction needed. Exploitation is not possible remotely.
What this means
What could happen
A local attacker with access to a system running affected Yokogawa software could execute malicious code with the same privileges as the application, potentially disrupting data collection, process monitoring, batch operations, or advanced control functions in refineries and chemical plants.
Who's at risk
Chemical plants, refineries, and process manufacturers using Yokogawa's Exaquantum data management system, Exaplog data logging software, Exaopc OPC gateway, GA10 visualization system, InsightSuiteAE analytics, or legacy Exasmoc/Exarqe advanced control platforms. Any facility using these products for process monitoring, batch operations, or advanced control is affected.
How it could be exploited
An attacker with local access to a computer running vulnerable Yokogawa software (Exaopc, Exaplog, Exaquantum, GA10, InsightSuiteAE, or others) could write and execute a malicious file on the system. The vulnerability does not require elevated privileges, user interaction, or network access—only the ability to place a file where the Yokogawa application will execute it.
Prerequisites
- Local access to the affected system or shared network drive
- Ability to write files to a location where the Yokogawa application executes code
- No authentication or elevated privileges required
No authentication requiredLow complexity attackNo patch available for Exasmoc and Exarqe (end-of-life products)Affects enterprise data systems rather than real-time safety controls
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (8)
6 with fix2 EOL
ProductAffected VersionsFix Status
Exasmoc: (All Revisions)All versionsNo fix (EOL)
Exarqe: (All Revisions)All versionsNo fix (EOL)
Exaopc: (R1.01.00 - R3.77.00)≥ R1.01.00 | ≤ R3.77.00R3.78.00
Exaplog: (R1.10.00 - R3.40.00)≥ R1.10.00 | ≤ R3.40.00R3.40.06
Exaquantum: (R1.10.00 - R3.02.00)≥ R1.10.00 | ≤ R3.02.00R3.15.00
GA10: (R1.01.01 - R3.05.01)≥ R1.01.01 | ≤ R3.05.01R3.05.06
InsightSuiteAE: (R1.01.00 - R1.06.00)≥ R1.01.00 | ≤ R1.06.00R1.07.00
Exaquantum/Batch: (R1.01.00 - R2.50.40)≥ R1.01.00 | ≤ R2.50.40R3.15.00
Remediation & Mitigation
0/11
Do now
0/2HARDENINGRestrict local access to computers running Yokogawa software through physical access controls and account restrictions
HARDENINGDeploy anti-virus and application whitelisting on systems running Yokogawa software
Schedule — requires maintenance window
0/6Patching may require device reboot — plan for process interruption
HOTFIXUpdate Exaopc to revision R3.78.00 or later
HOTFIXUpdate Exaplog to revision R3.40.00 and apply patch R3.40.06
HOTFIXUpdate Exaquantum to revision R3.15.00 or later
HOTFIXUpdate Exaquantum/Batch to revision R3.10.00 or later
HOTFIXUpdate GA10 to revision R3.05.06 or later
HOTFIXUpdate InsightSuiteAE to revision R1.07.00 or later
Long-term hardening
0/2HOTFIXMigrate Exasmoc systems to Platform for Advanced Control and Estimation (end-of-support on September 30, 2019)
HOTFIXMigrate Exarqe systems to Platform for Advanced Control and Estimation (end-of-support on September 30, 2019)
Mitigations - no patch available
0/1The following products have reached End of Life with no planned fix: Exasmoc: (All Revisions), Exarqe: (All Revisions). Apply the following compensating controls:
HARDENINGIsolate engineering workstations and Yokogawa systems behind firewalls and separate them from the business network
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/b5e7cd98-ed81-4d9a-8526-8a511f1fc1aa