Yokogawa CENTUM VP R6, R7

Monitor | CVSS 6.9 | ICS-CERT ICSA-26-057-09 | Feb 26, 2026
Yokogawa | Energy | Manufacturing
Attack path
Attack Vector: Adjacent
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Yokogawa CENTUM VP R6 and R7 Vnet/IP Interface Package versions R1.07.00 and earlier contain vulnerabilities (CWE-787 out-of-bounds write, CWE-617 reachable assertion, CWE-191 integer underflow, CWE-130 improper null termination) that could allow an attacker with network access to the device to execute arbitrary code, cause a denial-of-service condition, or terminate the software stack process. Exploitation requires adjacent network access and high attack complexity. No public exploitation has been reported.

What this means
What could happen
An attacker with network access to a CENTUM VP system could crash the control software, cause loss of industrial process visibility and control, or potentially execute arbitrary code to alter control logic. This affects real-time process monitoring and management for energy and manufacturing operations.
Who's at risk
Energy utilities and manufacturing facilities running Yokogawa CENTUM VP R6 or R7 distributed control systems, specifically those deployed with Vnet/IP Interface Package modules. This affects organizations that depend on this platform for real-time process visibility and control of critical operations like power generation, refining, or chemical processing.
How it could be exploited
An attacker with access to the network segment containing the Vnet/IP Interface Package would send a specially crafted network packet to the device. The malformed input would trigger one of the memory safety issues (out-of-bounds write, integer underflow, improper null termination) to either crash the process or, in the worst case, execute arbitrary code. Attack complexity is high due to the specific packet construction required.
Prerequisites
  • Network access to the CENTUM VP device on the adjacent network segment (AV:A)
  • Ability to construct the specific packets required (high attack complexity)
Risk factors
  • Memory safety vulnerabilities (out-of-bounds write, integer underflow)
  • Affects DCS safety-critical functions
  • No authentication required for network access
  • High attack complexity reduces immediate risk
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) | ≤ R1.07.00 | R1.08.00
Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300) | ≤ R1.07.00 | R1.08.00
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to CENTUM VP devices to only authorized engineering workstations and control network segments using firewall rules
  • HARDENING: Verify that CENTUM VP systems are isolated from business networks and not directly exposed to the internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Vnet/IP Interface Package to R1.08.00 or later on all CENTUM VP R6 systems
  • HOTFIX: Update Vnet/IP Interface Package to R1.08.00 or later on all CENTUM VP R7 systems
API: /api/v1/advisories/a3a62f28-dce5-4c4f-8549-04bb219abff1

Yokogawa CENTUM VP R6, R7 | CVSS 6.9 - OTPulse