Yokogawa Dual-redundant Platform for Computer (PC2CKM)
Plan Patch · CVSS 7.5 · ICS-CERT ICSA-24-261-03 · Sep 17, 2024
Yokogawa · Energy · Manufacturing
Summary
A denial-of-service vulnerability exists in Yokogawa Dual-redundant Platform for Computer (PC2CKM) versions R1.01.00 through R2.03.00 (before R2.03.10). The vulnerability allows an attacker with network access to crash the service, making the redundant computer platform unavailable and disrupting industrial control operations.
What this means
What could happen
An attacker could cause the PC2CKM platform to become unavailable, disrupting redundant computer systems that manage critical industrial processes in power generation and manufacturing plants.
Who's at risk
Energy utilities and manufacturing plants running Yokogawa's dual-redundant computer platforms (PC2CKM) for process control and system management should prioritize this update. This affects critical redundancy systems that ensure continuous operation of power generation, transmission, and industrial manufacturing processes.
How it could be exploited
An attacker with network access to the PC2CKM platform could send malformed requests that trigger unhandled exceptions in the application, causing the service to crash and stop responding to legitimate requests.
Prerequisites
- Network access to the PC2CKM platform
- No authentication required
remotely exploitable · no authentication required · affects critical infrastructure redundancy systems
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product: Dual-redundant Platform for Computer (PC2CKM)
Affected Versions: ≥ R1.01.00|<R2.03.00
Fix Status: R2.03.10
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to the PC2CKM platform to only authorized engineering workstations and control systems using firewall rules
- HARDENING: Ensure the PC2CKM platform is not directly accessible from the internet
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HOTFIX: Update Yokogawa PC2CKM to version R2.03.10 or later
Long-term hardening
- HARDENING: Isolate the PC2CKM platform and associated redundant computer systems from the business network using network segmentation
CVEs (1)