A critical vulnerability (CVE-2018-16196) that exists in the Vnet/IP Open Communication Driver impacts several Yokogawa products. This vulnerability has a CVSS score of 7.7, making it a ‘high-severity’ category vulnerability.
This vulnerability could allow an attacker to stop the communications function of the Vnet/IP Open Communication Driver thereby resulting in denial of service. Yokogawa detected the vulnerability and immediately reported it to JPCERT, which then forwarded it to the ICS-CERT. JPCERT in coordination with Yokogawa further reported this vulnerability to NCCIC.
ICS-CERT identified the vulnerability as a resource management error and reported that the affected products are used worldwide, notably in critical infrastructure sectors such as critical manufacturing, food and agriculture, and energy.
The affected products / devices includes:
Yokogawa has released patches for the affected devices. Certain products that have reached the end of support will not receive patches, therefore, the firm has requested the users to consider upgrading their system to the latest version.