CVE-2025-1924
📋 TL;DR
A vulnerability in Yokogawa's Vnet/IP Interface Package allows attackers to cause denial of service or execute arbitrary code by sending maliciously crafted packets. This affects industrial control systems using CENTUM VP R6 and R7 with the vulnerable interface package. Organizations using these Yokogawa industrial automation products are at risk.
💻 Affected Systems
- Vnet/IP Interface Package for CENTUM VP R6 VP6C3300
- Vnet/IP Interface Package for CENTUM VP R7 VP7C3300
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, process disruption, and potential safety incidents in industrial environments.
Likely Case
Denial of service causing Vnet/IP communication failure, disrupting industrial control operations and potentially halting production processes.
If Mitigated
Limited impact with proper network segmentation and packet filtering, potentially only causing temporary communication interruptions.
🎯 Exploit Status
Exploitation requires network access to vulnerable systems and ability to craft malicious packets. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: R1.08.00 or later
Vendor Advisory: https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf
Restart Required: No
Instructions:
1. Download updated Vnet/IP Interface Package from Yokogawa support portal. 2. Follow vendor installation instructions for CENTUM VP systems. 3. Verify successful installation and test communication functionality.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Vnet/IP networks from general corporate networks using firewalls and VLANs
Packet Filtering
allImplement firewall rules to restrict access to Vnet/IP ports from unauthorized sources
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Vnet/IP networks
- Deploy intrusion detection systems to monitor for malicious packet patterns
🔍 How to Verify
Check if Vulnerable:
Check Vnet/IP Interface Package version in CENTUM VP system configuration or contact Yokogawa supportCheck Version:
Check through CENTUM VP system configuration interface or Yokogawa diagnostic toolsVerify Fix Applied:
Verify Vnet/IP Interface Package version is R1.08.00 or later and test communication functionality📡 Detection & Monitoring
Log Indicators:
- Unusual Vnet/IP communication errors
- Interface package crashes or restarts
- Failed communication attempts from unknown sources
Network Indicators:
- Malformed packets to Vnet/IP ports
- Unusual traffic patterns to industrial control network segments
SIEM Query:
source="industrial_network" AND (event_type="communication_failure" OR packet_size>threshold)