Yokogawa CENTUM VP
Monitor4ICS-CERT ICSA-26-092-02Apr 2, 2026
Yokogawa
Attack VectorLocal
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary
Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions.
What this means
What could happen
Could impact device confidentiality, integrity, or availability
Who's at risk
Organizations in critical infrastructure using Yokogawa equipment
How it could be exploited
Attacker would need local or console access to the device without any credentials
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
CENTUM VP: >=R5.01.00|<R5.04.20≥ R5.01.00|<R5.04.20Fix available
CENTUM VP: >=R6.01.00|<R6.12.00≥ R6.01.00|<R6.12.00Fix available
CENTUM VP: vR7.01.00vR7.01.00Fix available
Remediation & Mitigation
0/5
Long-term hardening
0/5Yokogawa recommends users applying the following mitigations to affected versions:
CENTUM VP R5.01.00 to R5.04.20: Change the user authentication mode to Windows Authentication Mode.
CENTUM VP R6.01.00 to R6.12.00: Change the user authentication mode to Windows Authentication Mode.
CENTUM VP R7.01.00: Apply patch software R7.01.10.
NOTE:Changing to Windows Authentication Mode requires engineering work. If users wish to make this change, please contact Yokogawa directly
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/e0d9e97e-35d3-4af0-9ae1-5e01b87e20dfGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.