OTPulse

Yokogawa CENTUM Controller FCS

Monitor · CVSS 6.5 · ICS-CERT ICSA-22-228-01 · Aug 16, 2022
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability in Yokogawa CENTUM controllers allows an attacker to crash the device by sending specially crafted packets, causing loss of process control and monitoring. The vulnerability affects CENTUM VP/CS 3000 controller models CP31, CP33, CP345, CP401, and CP451. CENTUM CS 3000 and CENTUM VP (versions R4.01.00 to R4.03.00) are end-of-life with no patches available. Yokogawa has released patches for CENTUM VP (R5.01.00 or later) and CENTUM VP Entry Class (R6.01.00 or later).

What this means
What could happen
An attacker could send specially crafted network packets to crash the CENTUM controller, causing loss of process monitoring and control until the device is manually restarted. This affects operations of the entire integrated process control system relying on that controller.
Who's at risk
Water utilities, power plants, and other process-intensive facilities using Yokogawa CENTUM controllers should care. Specifically, operations using CENTUM VP/CS 3000 models CP31, CP33, CP345, CP401, and CP451 controllers are at risk. End-of-life CENTUM CS 3000 and CENTUM VP R4.x systems have no patches available and require network isolation as a primary control.
How it could be exploited
An attacker on the same network segment as the vulnerable controller sends malformed packets that exhaust system resources, triggering a denial-of-service condition. No authentication or credentials are required; the attack works over the network from any device that can reach the controller.
Prerequisites
  • Network access to the CENTUM controller on the same network segment or routable network
  • No credentials required
remotely exploitable · no authentication required · low complexity · no patch available for older models · affects process control operations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
CENTUM VP/CS 3000 controller FCS: CP31 CP33 CP345 | CP31, CP33, CP345 | R5.01.00 or later
CENTUM VP/CS 3000 controller FCS: CP401 CP451 | CP401, CP451 | R5.01.00 or later
Remediation & Mitigation
Do now
  • HARDENING: Isolate CENTUM CS 3000 and CENTUM VP R4.x systems (end-of-life, no patch available) behind a firewall and restrict network access
  • HARDENING: Place CENTUM controller networks behind a firewall and isolate from business networks
  • HARDENING: Restrict network access to the controller to only authorized management and process hosts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update CENTUM VP to version R5.01.00 or later
  • HOTFIX: Update CENTUM VP Entry Class to version R6.01.00 or later
  • WORKAROUND: If remote access is required, use a VPN and keep it updated to the latest version