YSAR-14-0001
Yokogawa Security Advisory Report
All Rights Reserved. Copyright © 2014, Yokogawa Electric Corporation
Yokogawa Security Advisory Report
YSAR-14-0001E
Published on March 7, 2014
Last updated on December 22, 2017
YSAR-14-0001E: Vulnerabilities in CENTUM and other Yokogawa products
Overview:
On March 7, 2014, Yokogawa announced that any computer on which a CENTUM CS 3000
Integrated Production Control System is installed has three buffer overflow vulnerabilities. Since
then, an additional vulnerability ("Vulnerability 4 - Simulator Management Process in the Expanded
Test Functions") has been found. Yokogawa has now investigated the scope of products that
could be affected by the four vulnerabilities; that scope and the countermeasures are summarized
in this document.
Go over the report and confirm which products are affected in order to consider security measures
for the overall systems. Also, please consider applying the countermeasures introduced here as
needed.
Affected Products:
The following products are affected by the vulnerabilities reported in this document.
Any computer on which these products are installed has vulnerabilities.
The following products are affected by Vulnerabilities 1 to 4.
CENTUM CS 1000, CENTUM CS 3000, CENTUM CS 3000 Entry Class,
CENTUM VP, CENTUM VP Entry Class,
Exaopc, B/M9000CS, B/M9000 VP
The following products are affected only by Vulnerability 1.
ProSafe-RS, Exapilot, Exaplog, Exaquantum, Exaquantum/Batch, Exasmoc, Exarqe,
AAASuite, PRM, STARDOM FCN/FCJ OPC Server for Windows,
Field Wireless Device OPC Server, DAQOPC, DAQOPC for DARWIN,
FieldMate, EJXMVTool, RPO Production Supervisor VP,
CENTUM Event Viewer Package,
CENTUM Long-term Trend Historian,
OmegaLand/OPC server interface module
For details of their revisions, please see <Table 1: List of Products affected by Vulnerabilities and
Countermeasures>.
Vulnerability 1 - Operation Logging Process:
On a computer where the affected product(s) is installed, if a certain communication frame is transmitted to
the operation logging process, a buffer overflow occurs and the logging function is disabled. There is a
potential risk that successful exploitation of this vulnerability allows remote attackers to execute arbitrary
code with system privilege.
CVSS Base Score: 9.3, Temporal Score: 7.7.
* As for Common Vulnerability Scoring System (CVSS), see the references below:
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact (C): Complete
Integrity Impact (I): Complete
Availability Impact (A): Complete
Exploitability: Functional
Remediation Level: Official Fix
Report Confidence: Confirmed
Vulnerability 2 - Project Equalization Process:
<Affected packages: Operation Monitoring Basic Function>
On a computer where the affected package(s) of the affected product is installed, if a certain communication
frame is transmitted to the process which equalizes the project database with engineering function, a buffer
overflow occurs and all the operation and monitoring functions in the computer are disabled. There is a
potential risk that successful exploitation of this vulnerability allows remote attackers to execute arbitrary
code.
CVSS Base Score: 9.0, Temporal Score: 7.8
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact (C): Partial
Integrity Impact (I): Partial
Availability Impact (A): Complete
Exploitability: High
Remediation Level: Official Fix
Report Confidence: Confirmed
Vulnerability 3 - Batch Management Process:
<Affected packages: Batch Management Package>
On a computer where the affected package(s) of the affected product is installed, if a certain communication
frame is transmitted to the batch management process, a buffer overflow occurs and the batch
management function is disabled. There is a potential risk that successful exploitation of this vulnerability
allows remote attackers to execute arbitrary code.
CVSS Base Score: 8.3, Temporal Score: 6.9
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact (C): Partial
Integrity Impact (I): Partial
Availability Impact (A): Complete
Exploitability: Functional
Remediation Level: Official Fix
Report Confidence: Confirmed
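The base and temporal scores published above for Vulnerabilities 1 to 3 can be recomputed from the listed metric values with the CVSS v2 equations. The following is an added example, not part of Yokogawa's advisory; the weights are the published CVSS v2 constants, and the function and dictionary names are this example's own.

```python
from decimal import Decimal, ROUND_HALF_UP

# CVSS v2 metric weights, keyed by the metric values as the advisory spells them.
AV = {"Network": 1.0, "Adjacent Network": 0.646, "Local": 0.395}
AC = {"Low": 0.71, "Medium": 0.61, "High": 0.35}
AU = {"None": 0.704, "Single": 0.56, "Multiple": 0.45}
CIA = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}
E = {"Unproven": 0.85, "Proof-of-Concept": 0.90, "Functional": 0.95, "High": 1.0}
RL = {"Official Fix": 0.87, "Temporary Fix": 0.90, "Workaround": 0.95, "Unavailable": 1.0}
RC = {"Unconfirmed": 0.90, "Uncorroborated": 0.95, "Confirmed": 1.0}

def round1(x):
    # CVSS v2 rounds to one decimal place; avoid Python's banker's rounding.
    return float(Decimal(str(x)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))

def base_score(m):
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176
    return round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)

def temporal_score(m):
    # The temporal equation starts from the already-rounded base score.
    return round1(base_score(m) * E[m["E"]] * RL[m["RL"]] * RC[m["RC"]])

# Metric values and published (base, temporal) scores as listed in this advisory.
ADVISORY = {
    "Vulnerability 1": ({"AV": "Network", "AC": "Medium", "Au": "None",
                         "C": "Complete", "I": "Complete", "A": "Complete",
                         "E": "Functional", "RL": "Official Fix", "RC": "Confirmed"}, (9.3, 7.7)),
    "Vulnerability 2": ({"AV": "Network", "AC": "Low", "Au": "None",
                         "C": "Partial", "I": "Partial", "A": "Complete",
                         "E": "High", "RL": "Official Fix", "RC": "Confirmed"}, (9.0, 7.8)),
    "Vulnerability 3": ({"AV": "Network", "AC": "Medium", "Au": "None",
                         "C": "Partial", "I": "Partial", "A": "Complete",
                         "E": "Functional", "RL": "Official Fix", "RC": "Confirmed"}, (8.3, 6.9)),
}

def check_advisory():
    # Returns {name: (base, temporal, matches_published)}.
    out = {}
    for name, (metrics, published) in ADVISORY.items():
        computed = (base_score(metrics), temporal_score(metrics))
        out[name] = (*computed, computed == published)
    return out

if __name__ == "__main__":
    for name, result in check_advisory().items():
        print(name, result)
```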
Vulnerability 4 - Simulator Management Process in the Expanded Test Functions:
<Affected Packages: Expanded Test Functions Package>
On a computer where the affected package(s) of the affected product is installed, if a certain communication
frame is transmitted to the process which receives a request to FCS simulator Run/Quit from other PC, a
buffer overflow occurs and the expanded test function is disabled. There is a potential risk that successful
exploitation of this vulnerability allows remote attackers to execute arbitrary code.
CVSS Base Score: 8.3, Temporal Score: 6.9