Yokogawa CENTUM VP
CVSS 4 | ICS-CERT ICSA-26-092-02 | Apr 2, 2026
Yokogawa
Attack path
- Attack Vector: Local
- Auth Required: None
- Complexity: High
- User Interaction: None needed
Summary
Yokogawa CENTUM VP contains hardcoded or default credentials in the PROG user account that allow local attackers to gain unauthorized access and modify system permissions. Affected versions are R5.01.00 through R5.04.20, R6.01.00 through R6.12.00, and R7.01.00. The vulnerability is classified as CWE-259 (Use of Hard-Coded Password). Local access to an affected workstation or engineering node is required for exploitation.
What this means
What could happen
An attacker with local access could gain unauthorized access as the PROG user and alter system permissions, potentially disrupting plant operations or enabling further compromise of the CENTUM VP distributed control system.
Who's at risk
Water utilities, electric utilities, and chemical/petrochemical plants using Yokogawa CENTUM VP distributed control systems for process automation, especially those relying on local engineering workstations for system configuration and maintenance.
How it could be exploited
An attacker with local access to a CENTUM VP workstation (at the console or through an already established session on that host, not from the network, since the attack vector is Local) could use the hardcoded or default credentials of the PROG user account to log in as that user and modify system permissions. The CVSS attack complexity of High indicates that exploitation depends on conditions beyond a simple login with the known credentials, but a successful attack allows unauthorized system configuration changes on the control system.
Prerequisites
- Local access to a CENTUM VP engineering workstation or node
- CENTUM VP using standard (non-Windows) authentication mode
- System running one of the affected versions (R5.01.00–R5.04.20, R6.01.00–R6.12.00, or R7.01.00)
- Hardcoded or default PROG user credentials (CWE-259)
- Requires local access (mitigates but does not eliminate risk in multi-user or physically accessible facilities)
- Allows privilege escalation to modify system permissions
- Low EPSS score (0%), but the vulnerability exists in production control systems
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (3)
3 with fix
Product   | Affected Versions        | Fix Status
CENTUM VP | ≥ R5.01.00, < R5.04.20   | Fix available
CENTUM VP | ≥ R6.01.00, < R6.12.00   | Fix available
CENTUM VP | R7.01.00                 | Fix available
Remediation & Mitigation
Schedule (requires maintenance window; patching may require a device reboot, so plan for process interruption)
- HOTFIX: Update CENTUM VP R7.01.00 to patch R7.01.10 or later
- HARDENING: For CENTUM VP R5 and R6, switch the user authentication mode from standard authentication to Windows Authentication Mode to eliminate the PROG account vulnerability. Contact Yokogawa support to plan and execute this configuration change.
Long-term hardening
- HARDENING: Restrict physical and network access to CENTUM VP engineering workstations to authorized personnel only
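The prerequisites and remediation above combine two facts per node: whether its release falls in an affected range and whether it still runs standard (non-Windows) authentication. The script below, added here as an example and not code from Yokogawa or ICS-CERT, turns that into an inventory triage: it parses Yokogawa "Rx.yy.zz" release strings, applies the affected-products table, and returns the action this page recommends for each node. The inventory is constructed sample data, and the record fields (hostname, version, auth_mode) are assumptions about how a site might keep its asset list. Note that the table's upper bounds are exclusive (< R5.04.20, < R6.12.00) while the summary says "through" those releases; the code follows the table by default and exposes an inclusive_upper switch so boundary releases can be treated as affected until Yokogawa's own advisory is checked.

```python
"""Inventory triage for ICSA-26-092-02 (Yokogawa CENTUM VP, CWE-259 PROG account).

Added example for this advisory page; not Yokogawa's or ICS-CERT's code.
The inventory and its field names are constructed assumptions.
"""
import re

# Ranges from the advisory's affected-products table: [lower, upper) with an
# exclusive upper bound. R7.01.00 is listed as a single affected release.
AFFECTED_RANGES = [
    ("R5.01.00", "R5.04.20"),
    ("R6.01.00", "R6.12.00"),
]
AFFECTED_EXACT = ["R7.01.00"]

_VERSION_RE = re.compile(r"^R(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Turn a Yokogawa release string such as 'R6.08.00' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip().upper())
    if not m:
        raise ValueError(f"not a CENTUM VP release string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected_version(version, inclusive_upper=False):
    """True if the release is in an affected range.

    inclusive_upper=True treats the table's upper bounds (R5.04.20, R6.12.00)
    as affected too, matching the summary's 'through' wording; confirm the
    boundary releases against the vendor advisory before relying on either.
    """
    v = parse_version(version)
    if any(v == parse_version(exact) for exact in AFFECTED_EXACT):
        return True
    for lo, hi in AFFECTED_RANGES:
        lo_v, hi_v = parse_version(lo), parse_version(hi)
        if inclusive_upper and lo_v <= v <= hi_v:
            return True
        if not inclusive_upper and lo_v <= v < hi_v:
            return True
    return False


def triage(node, inclusive_upper=False):
    """Return (status, action) for one inventory record.

    Per the advisory's prerequisites, a node is exposed only if it runs an
    affected release AND uses standard (non-Windows) authentication. Actions
    follow the remediation list: patch R7 to R7.01.10 or later; move R5/R6 to
    Windows Authentication Mode with Yokogawa support.
    """
    version = node["version"]
    if not is_affected_version(version, inclusive_upper):
        return ("not_affected", "no action for this advisory")
    if node["auth_mode"].strip().lower() == "windows":
        return ("mitigated",
                "affected release, but Windows Authentication Mode removes the "
                "standard-mode PROG prerequisite; verify the mode is enforced on this node")
    major = parse_version(version)[0]
    if major == 7:
        return ("vulnerable",
                "update to R7.01.10 or later (maintenance window; reboot likely)")
    return ("vulnerable",
            "switch from standard authentication to Windows Authentication Mode "
            "with Yokogawa support")


def triage_inventory(nodes, inclusive_upper=False):
    """Map hostname -> (status, action) for every record in the inventory."""
    return {n["hostname"]: triage(n, inclusive_upper) for n in nodes}


# Constructed sample inventory (not real site data).
SAMPLE_INVENTORY = [
    {"hostname": "ENG01", "version": "R6.08.00", "auth_mode": "standard"},
    {"hostname": "ENG02", "version": "R7.01.00", "auth_mode": "standard"},
    {"hostname": "HIS03", "version": "R6.03.00", "auth_mode": "windows"},
    {"hostname": "HIS04", "version": "R7.01.10", "auth_mode": "standard"},
    {"hostname": "ENG05", "version": "R6.12.00", "auth_mode": "standard"},  # boundary release
]

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:6} {status:13} {action}")
```

Run it over the real asset list once with the default bounds and once with inclusive_upper=True; any node whose status flips between the two runs is a boundary release that needs the vendor advisory consulted before it is marked clean.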
CVEs (1)