CVE-2022-21194

9.8 CRITICAL

📋 TL;DR

This vulnerability affects Yokogawa Electric industrial control systems where default Windows account passwords remain unchanged from initial configuration. Attackers can gain unauthorized access to critical industrial systems, potentially compromising process control and safety. Affected organizations include industrial facilities using CENTUM VP or Exaopc systems within specified vulnerable versions.

💻 Affected Systems

Products:
  • CENTUM VP
  • Exaopc
Versions: CENTUM VP: R5.01.00 to R5.04.20 and R6.01.00 to R6.08.0; Exaopc: R3.72.00 to R3.79.00
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when default Windows account passwords are not changed during initial configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of industrial control systems leading to process disruption, safety system manipulation, production shutdown, or physical damage to equipment and facilities.

🟠 Likely Case

Unauthorized access to control systems allowing data theft, configuration changes, or disruption of industrial processes.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and monitoring in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires knowledge of the default credentials but is straightforward once they are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: CENTUM VP: R5.04.30 or later, R6.08.10 or later; Exaopc: R3.79.10 or later

Vendor Advisory: https://web-material3.yokogawa.com/1/32094/files/YSAR-22-0001-E.pdf

Restart Required: Yes

Instructions:

1. Download updated software from Yokogawa support portal.
2. Backup current configuration.
3. Install updated version following vendor documentation.
4. Restart affected systems.
5. Verify installation and functionality.

🔧 Temporary Workarounds

Change Default Windows Account Passwords

Platform: Windows

Manually change passwords for all Windows accounts on affected systems to strong, unique passwords.

net user [username] [newpassword]

Implement Network Segmentation

Platform: All

Isolate affected systems from general network and internet access using firewalls and VLANs.

🧯 If You Can't Patch

  • Immediately change all default Windows account passwords to strong, unique passwords
  • Implement strict network segmentation and access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check system version against affected ranges and verify if default Windows account passwords have been changed.

Check Version:

Check the version in system information or the Control Panel on Windows systems.

Verify Fix Applied:

Confirm installation of patched versions and verify Windows account passwords are no longer default values.
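
One way to check the password half of the steps above on a single station, as an added example (not from this page or from Yokogawa). It assumes Windows PowerShell 5.1 or later with the `Get-LocalUser` cmdlet, an elevated session, and a hypothetical `$Baseline` parameter that you set to the date initial configuration of the station began. It covers local accounts only, and an old timestamp shows that a password was never rotated, not that it still has the default value.

```powershell
# Added example: flag enabled local accounts whose password predates a baseline.
# $Baseline is a hypothetical parameter: the date initial configuration of this
# station began. Any password set before it was not chosen by the site.
param(
    [Parameter(Mandatory = $true)]
    [datetime]$Baseline
)

$findings = Get-LocalUser | Where-Object { $_.Enabled } | ForEach-Object {
    # PasswordLastSet is empty when no password has ever been set.
    $reason = if ($null -eq $_.PasswordLastSet) {
        'no password-set timestamp (blank or never set)'
    } elseif ($_.PasswordLastSet -lt $Baseline) {
        'password older than baseline (never rotated on site)'
    } else {
        $null
    }

    if ($reason) {
        [pscustomobject]@{
            Account         = $_.Name
            PasswordLastSet = $_.PasswordLastSet
            LastLogon       = $_.LastLogon
            Finding         = $reason
        }
    }
}

if ($findings) {
    # Oldest passwords first: these are the most likely to be install-time values.
    $findings | Sort-Object PasswordLastSet | Format-Table -AutoSize
    exit 1   # non-zero exit so a scheduled task or monitoring job can alert
} else {
    Write-Output "All enabled local accounts have passwords set on or after $Baseline."
    exit 0
}
```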

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts, successful logins from unexpected locations, account lockouts

Network Indicators:

  • Unusual network traffic patterns, connections from unauthorized IP addresses

SIEM Query:

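source="windows-security" (EventCode=4625 OR EventCode=4624) | search AccountName IN ("<default-account-name-1>", "<default-account-name-2>")

Replace the placeholders with the default account names used on your affected systems.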
