Friday, April 13, 2018

ICS-CERT Publishes a Yokogawa Advisory

Yesterday the DHS ICS-CERT published a control system security advisory for products from Yokogawa.

Yokogawa Advisory

This advisory describes an access controls vulnerability in the Yokogawa Centum series products. This vulnerability is being self-reported by Yokogawa. Yokogawa has produced updated versions of the supported products affected.

ICS-CERT reports that an uncharacterized attacker with uncharacterized access could exploit the vulnerability to generate false system or process alarms, or block system or process alarm displays. The Yokogawa advisory reports additional mitigation measures that would seem to indicate that the vulnerability could be exploited remotely.

Yokogawa also indicates that the two non-Centum products listed in the ICS-CERT advisory are not directly affected by this vulnerability but could have their alarm functions affected if the products are on the same computer as an exploited Centum product.

No comments:

/* Use this with templates/template-twocol.html */