A critical DoS vulnerability affects several Yokogawa products

• The vulnerability could allow an attacker to stop the communications functionality of the Vnet/IP Open Communication Driver, thereby resulting in denial of service (DoS).
• The vulnerability has a CVSS score of 7.5, tagging it as ‘high-severity’ category.

A critical vulnerability (CVE-2018-16196) that exists in the Vnet/IP Open Communication Driver impacts several Yokogawa products. This vulnerability has a CVSS score of 7.7, making it a ‘high-severity’ category vulnerability.

This vulnerability could allow an attacker to stop the communications function of the Vnet/IP Open Communication Driver thereby resulting in denial of service. Yokogawa detected the vulnerability and immediately reported it to JPCERT, which then forwarded it to the ICS-CERT. JPCERT in coordination with Yokogawa further reported this vulnerability to NCCIC.

ICS-CERT identified the vulnerability as a resource management error and reported that the affected products are used worldwide, notably in critical infrastructure sectors such as critical manufacturing, food and agriculture, and energy.

Affected Products

The affected products / devices includes:

• CENTUM CS 3000 (R3.05.00 - R3.09.50)
• CENTUM CS 3000 Entry Class (R3.05.00 - R3.09.50)
• CENTUM VP (R4.01.00 - R6.03.10)
• CENTUM VP Entry Class (R4.01.00 - R6.03.10)
• Exaopc (R3.10.00 - R3.75.00)
• PRM (R2.06.00 - R3.31.00)
• ProSafe-RS (R1.02.00 - R4.02.00)
• FAST/TOOLS (R9.02.00 - R10.02.00), and
• B/M9000 VP (R6.03.01 - R8.01.90)

NCCIC Recommendations

• National Cybersecurity and Communications Integration Center (NCCIC) recommends users to minimize network exposure for all control system devices and systems, and ensure that those devices are not accessible from the Internet.
• It recommends users to locate control system networks and remote devices behind firewalls, and isolate them from the business network.
• It suggests users to use secure methods such as Virtual Private Networks (VPNs) during remote access
• It recommends organizations to periodically conduct proper impact analysis and risk assessment prior to deploying defensive measures.
• NCCIC further requests organizations to monitor any suspected malicious activity and report NCCIC for tracking and correlation against other incidents.

Yokogawa has released patches for the affected devices. Certain products that have reached the end of support will not receive patches, therefore, the firm has requested the users to consider upgrading their system to the latest version.