OTPulse

Yokogawa WideField3

Low Risk | 2.8 | ICS-CERT ICSA-20-273-02 | Sep 29, 2020
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required

Summary

WideField3 contains a buffer overflow vulnerability (CWE-120) that could cause the application to terminate abnormally. The vulnerability affects versions R1.01 through R4.03. Yokogawa has released revision R4.04 to address this issue.

What this means
What could happen
An attacker with local access could cause the WideField3 application to crash, potentially disrupting monitoring and control visibility until the process is manually restarted.
Who's at risk
Water and electric utility operators who rely on Yokogawa WideField3 for SCADA monitoring and control. This affects any facility using WideField3 as their primary HMI (human-machine interface) or monitoring application for critical infrastructure.
How it could be exploited
An attacker with local access to the workstation running WideField3 could supply specially crafted input that triggers a buffer overflow condition. This causes the application process to terminate abnormally, interrupting operator visibility and control of the monitored systems.
Prerequisites
  • Local access to the workstation running WideField3
  • Ability to provide input to the WideField3 application (manual interaction or through an interface the attacker can access locally)
  • User interaction required (the vulnerability requires UI interaction as indicated by the CVSS vector)
Local exploitation required (no remote attack) | Low severity impact (denial of service only) | User interaction required | Very low exploit probability (0.2% EPSS)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product: WideField3: R1.01 - R4.03
Affected Versions: ≥ R1.01 | ≤ R4.03
Fix Status: R4.04
Remediation & Mitigation
Do now
HARDENING: Restrict physical and network access to WideField3 workstations to authorized users only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade WideField3 to revision R4.04 or later
Long-term hardening
HARDENING: Place WideField3 workstations behind a firewall and isolate from the business network