Yokogawa Wide Area Communication Router

MonitorCVSS 5.9ICS-CERT ICSA-22-181-02Jun 30, 2022

Yokogawa

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Yokogawa Wide Area Communication Router (VI461) for AW810D running Vnet/IP firmware R12 or earlier contains a vulnerability (CWE-330, weak random number generation) that could cause the router's communication functions to stop. Successful exploitation results in denial of service to the router's WAC functions, potentially disrupting data relay between control centers and field equipment. The vendor has identified the issue and recommends updating to Vnet/IP firmware R13 or later, but firmware updates require engagement with Yokogawa service personnel and incur service charges.

What this means

What could happen

An attacker could disrupt Wide Area Communication Router functions, preventing the device from relaying real-time data and commands between utility control systems and field equipment. This could degrade situational awareness and limit the ability to respond to grid or water system events.

Who's at risk

Electric utilities and water authorities using Yokogawa Wide Area Communication Router (VI461) for AW810D systems should care. This device is used to relay supervisory commands and real-time data between SCADA centers and remote field substations or pumping stations across wide-area networks.

How it could be exploited

An attacker with network access to the Wide Area Communication Router would need to send specially crafted network traffic that exploits the random number generation flaw. The device would fail to properly validate the request, causing the router's communication functions to stop.

Prerequisites

Network access to the WAC Router (VI461) for AW810D device
High attack complexity required (not trivial exploitation)

remotely exploitablehigh attack complexityaffects communication infrastructureno patch currently available from vendor

Exploitability

Unlikely to be exploited — EPSS score 0.6%

Affected products (1)

ProductAffected VersionsFix Status

Wide Area Communication Router (for AW810D) VI461: Vnet/IP firmware (F) R12 or earlier≤ R12No fix yet

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGRestrict network access to the Wide Area Communication Router; do not allow direct Internet access and place device behind a firewall with strict ingress rules

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXContact Yokogawa sales or service staff to schedule firmware update to Vnet/IP R13 or later (update must be performed by Yokogawa personnel)

HARDENINGImplement network segmentation to isolate the WAC Router and connected control system networks from business networks

HARDENINGIf remote access to the device is required, enforce use of a VPN with current security patches and strong authentication

CVEs (1)

CVE-2022-32284

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/34092588-62f0-4029-b515-eaca610934a6

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.