---
title: "Critical Vulnerabilities in Yokogawa CENTUM VP R6 & R7 Expose Industrial Systems"
short_title: "Yokogawa CENTUM VP flaws risk industrial systems"
description: "Six critical vulnerabilities in Yokogawa CENTUM VP R6 & R7 could allow DoS attacks or arbitrary code execution. Patch now to secure critical infrastructure."
author: "Vitus"
date: 2024-10-15
categories: [Cybersecurity, Vulnerabilities]
tags: [yokogawa, centum-vp, cve-2025-1924, dos, industrial-control-systems]
score: 0.85
cve_ids: [CVE-2025-1924, CVE-2025-48019, CVE-2025-48020, CVE-2025-48021, CVE-2025-48022, CVE-2025-48023]
---
TL;DR
Six critical vulnerabilities in Yokogawa CENTUM VP R6 and R7 could allow attackers to terminate software processes, cause denial-of-service (DoS) conditions, or execute arbitrary code. Affected systems are deployed in critical manufacturing, energy, and food sectors worldwide. Yokogawa has released a patch (R1.08.00) to mitigate these risks.
---
Main Content
Introduction
Yokogawa, a global leader in industrial automation, has disclosed six critical vulnerabilities in its CENTUM VP R6 and R7 systems. These flaws, if exploited, could disrupt operations in critical infrastructure sectors, including energy, manufacturing, and food production. The vulnerabilities stem from issues like out-of-bounds writes, reachable assertions, and improper handling of length parameters in the Vnet/IP interface package.
---
Key Points
- Affected Systems: Yokogawa CENTUM VP R6 (VP6C3300) and R7 (VP7C3300) versions ≤ R1.07.00.
- Critical Sectors: Energy, critical manufacturing, and food & agriculture.
- Exploitation Risks: Successful attacks could lead to DoS conditions or arbitrary code execution.
- Mitigation: Yokogawa recommends applying patch R1.08.00 or contacting local support for assistance.
---
Technical Details
#### Vulnerabilities Overview
The vulnerabilities are categorized as follows:
| CVE ID | Type | CVSS Score | Severity |
|--------------------|-----------------------------------------------|----------------|--------------|
| CVE-2025-1924 | Out-of-bounds Write | 6.9 | Medium |
| CVE-2025-48019 | Reachable Assertion | 5.3 | Medium |
| CVE-2025-48020 | Reachable Assertion | 5.3 | Medium |
| CVE-2025-48021 | Integer Underflow (Wrap or Wraparound) | 5.3 | Medium |
| CVE-2025-48022 | Improper Handling of Length Parameter | 5.3 | Medium |
| CVE-2025-48023 | Reachable Assertion | 5.3 | Medium |
#### Exploitation Mechanism
Attackers can exploit these vulnerabilities by sending maliciously crafted packets to the affected systems. This could result in:
- Termination of the Vnet/IP software stack process.
- DoS conditions, disrupting industrial operations.
- Arbitrary code execution, allowing attackers to gain control of the system.
---
Impact Assessment
The vulnerabilities pose a significant risk to industries relying on Yokogawa’s CENTUM VP systems. Potential impacts include:
- Operational Disruptions: DoS attacks could halt production lines, leading to financial losses.
- Safety Risks: In energy and manufacturing sectors, disruptions could compromise safety protocols.
- Data Breaches: Arbitrary code execution could expose sensitive industrial data.
#### Affected Systems
- Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300): ≤ R1.07.00
- Yokogawa Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300): ≤ R1.07.00
---
Mitigation Steps
Yokogawa has provided the following recommendations to mitigate these vulnerabilities:
1. Apply Patch R1.08.00: Users should immediately update to the latest software version.
2. Contact Local Support: For further assistance, users can reach out to Yokogawa’s support offices via [this link](https://contact.yokogawa.com/cs/gw?c-id=000498).
3. Refer to Advisory: Detailed guidance is available in Yokogawa’s advisory YSAR-26-0002 [here](https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf).
#### Additional Defensive Measures
- Network Isolation: Ensure control system devices are not accessible from the internet.
- Firewall Protection: Locate control system networks behind firewalls and isolate them from business networks.
- Secure Remote Access: Use Virtual Private Networks (VPNs) for remote access, ensuring they are updated to the latest version.
---
Background
Yokogawa’s CENTUM VP systems are widely used in critical infrastructure sectors across the globe. The company, headquartered in Japan, provides automation solutions for industries such as:
- Energy: Oil, gas, and power generation.
- Critical Manufacturing: Chemical, pharmaceutical, and automotive.
- Food & Agriculture: Processing and production facilities.
---
Conclusion
The discovery of these six critical vulnerabilities in Yokogawa’s CENTUM VP systems underscores the importance of proactive cybersecurity measures in industrial environments. Organizations using affected versions must apply the patch immediately and implement defensive strategies to minimize risks. Failure to act could result in operational disruptions, safety hazards, and data breaches.
For more details, refer to the [CISA advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-09) and Yokogawa’s official documentation.
---
References
[^1]: CISA. "[ICS Advisory (ICSA-26-057-09)](https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-09)". Retrieved 2024-10-15.
[^2]: Yokogawa. "[YSAR-26-0002 Advisory](https://web-material3.yokogawa.com/1/39281/files/YSAR-26-0002-E.pdf)". Retrieved 2024-10-15.
[^3]: NVD. "[CVE Details](https://nvd.nist.gov/vuln/detail/)". Retrieved 2024-10-15.