CVE-2024-8110
📋 TL;DR
A Denial of Service vulnerability in Yokogawa's Dual-redundant Platform allows attackers to cause system restarts by flooding UDP broadcast packets. This affects industrial control systems using this platform, potentially causing temporary service disruption. Both active and standby computers can be affected simultaneously.
💻 Affected Systems
- Yokogawa Dual-redundant Platform for Computer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Both active and standby computers restart simultaneously, causing complete temporary loss of functionality for industrial control systems, potentially disrupting critical operations.
Likely Case
Individual computers restart when flooded with UDP packets, causing temporary service disruption until systems recover automatically.
If Mitigated
With proper network segmentation and rate limiting, impact is limited to isolated network segments with minimal operational disruption.
🎯 Exploit Status
Exploitation requires ability to send UDP broadcast packets to affected systems. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version with fix not specified in advisory
Vendor Advisory: https://web-material3.yokogawa.com/1/36276/files/YSAR-24-0003-E.pdf
Restart Required: Yes
Instructions:
1. Contact Yokogawa for patch details
2. Apply provided patches
3. Restart affected systems
4. Verify fix implementation
🔧 Temporary Workarounds
Network Segmentation
Isolate affected systems in separate network segments to limit UDP broadcast exposure
Configure firewall rules to block UDP broadcast traffic to affected systems
Rate Limiting
Implement UDP rate limiting on network devices
Configure rate limiting on switches/routers, for example 'rate-limit input udp-broadcast 1000' (illustrative only; the actual command syntax depends on the device vendor)
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems
- Deploy network monitoring to detect UDP flood attempts
🔍 How to Verify
Check if Vulnerable:
Check if running Yokogawa Dual-redundant Platform and review system logs for unexpected restarts following UDP traffic spikes
Check Version:
Contact Yokogawa support for version checking procedures
Verify Fix Applied:
Contact Yokogawa for verification procedures specific to their patch
📡 Detection & Monitoring
Log Indicators:
- Unexpected system restarts
- High UDP packet counts in network logs
- System crash/reboot events
Network Indicators:
- Spike in UDP broadcast traffic to affected systems
- Unusual UDP packet patterns
SIEM Query:
source="network" udp_port=* AND packet_count>1000 AND dest_ip="affected_system_ip" | stats count by src_ip
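The check described under "How to Verify" (unexpected restarts following UDP traffic spikes) can be automated by correlating restart events with per-host UDP broadcast counts. The Python below is an added example, not vendor tooling or part of the advisory; the host labels, the per-minute count format, the sample data and the look-back windows are assumptions, and the 1000-packet threshold mirrors the figure in the query above.

```python
from datetime import datetime, timedelta

# Constructed sample data, not captured from a real system.
# (minute, host, UDP broadcast packets seen toward that host in the minute)
UDP_COUNTS = [
    ("2024-09-17T10:00:00", "active", 40),
    ("2024-09-17T10:01:00", "active", 5200),
    ("2024-09-17T10:01:00", "standby", 5100),
    ("2024-09-17T10:02:00", "active", 6100),
    ("2024-09-17T13:59:00", "active", 35),
]
# (time, host) restart events as they would be pulled from system logs
RESTARTS = [
    ("2024-09-17T10:03:20", "active"),
    ("2024-09-17T10:03:45", "standby"),
    ("2024-09-17T14:00:00", "active"),   # planned reboot, no spike before it
]
THRESHOLD = 1000                 # packets/minute, assumed; tune to a baseline
LOOKBACK = timedelta(minutes=5)  # how far before a restart to look for a spike

def spike_times(counts, threshold=THRESHOLD):
    """Map host -> start times of the minutes whose count exceeded threshold."""
    spikes = {}
    for ts, host, n in counts:
        if n > threshold:
            spikes.setdefault(host, []).append(datetime.fromisoformat(ts))
    return spikes

def restarts_after_spike(counts, restarts, lookback=LOOKBACK):
    """Return restarts preceded by a spike on the same host within lookback."""
    spikes = spike_times(counts)
    hits = []
    for ts, host in restarts:
        t = datetime.fromisoformat(ts)
        if any(timedelta(0) <= t - s <= lookback for s in spikes.get(host, [])):
            hits.append((ts, host))
    return hits

def both_nodes_hit(hits, within=timedelta(minutes=2)):
    """True if correlated restarts on two different hosts fall close together."""
    parsed = [(datetime.fromisoformat(ts), host) for ts, host in hits]
    return any(h1 != h2 and abs(t1 - t2) <= within
               for t1, h1 in parsed for t2, h2 in parsed)

if __name__ == "__main__":
    hits = restarts_after_spike(UDP_COUNTS, RESTARTS)
    print(hits, both_nodes_hit(hits))
```

A true result from `both_nodes_hit` corresponds to the worst case listed above, where the active and standby computers restart together.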