OTPulse
FeedAboutContact

Yokogawa Wide Area Communication Router

Monitor5.9ICS-CERT ICSA-22-181-02Jun 30, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

Yokogawa Wide Area Communication Router (VI461) for AW810D running Vnet/IP firmware R12 or earlier contains a vulnerability (CWE-330, weak random number generation) that could cause the router's communication functions to stop. Successful exploitation results in denial of service to the router's WAC functions, potentially disrupting data relay between control centers and field equipment. The vendor has identified the issue and recommends updating to Vnet/IP firmware R13 or later, but firmware updates require engagement with Yokogawa service personnel and incur service charges.

What this means
What could happen
An attacker could disrupt Wide Area Communication Router functions, preventing the device from relaying real-time data and commands between utility control systems and field equipment. This could degrade situational awareness and limit the ability to respond to grid or water system events.
Who's at risk
Electric utilities and water authorities using Yokogawa Wide Area Communication Router (VI461) for AW810D systems should care. This device is used to relay supervisory commands and real-time data between SCADA centers and remote field substations or pumping stations across wide-area networks.
How it could be exploited
An attacker with network access to the Wide Area Communication Router would need to send specially crafted network traffic that exploits the random number generation flaw. The device would fail to properly validate the request, causing the router's communication functions to stop.
Prerequisites
  • Network access to the WAC Router (VI461) for AW810D device
  • High attack complexity required (not trivial exploitation)
remotely exploitablehigh attack complexityaffects communication infrastructureno patch currently available from vendor
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
ProductAffected VersionsFix Status
Wide Area Communication Router (for AW810D) VI461: Vnet/IP firmware (F) R12 or earlier≤ R12No fix yet
Remediation & Mitigation
0/4
Do now
0/1
HARDENINGRestrict network access to the Wide Area Communication Router; do not allow direct Internet access and place device behind a firewall with strict ingress rules
Schedule — requires maintenance window
0/3

Patching may require device reboot — plan for process interruption

HOTFIXContact Yokogawa sales or service staff to schedule firmware update to Vnet/IP R13 or later (update must be performed by Yokogawa personnel)
HARDENINGImplement network segmentation to isolate the WAC Router and connected control system networks from business networks
HARDENINGIf remote access to the device is required, enforce use of a VPN with current security patches and strong authentication
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/34092588-62f0-4029-b515-eaca610934a6
Yokogawa Wide Area Communication Router | CVSS 5.9 - OTPulse