Series of Buffer Overflows Plague Many Yokogawa ICS Products


There is a series of stack buffer overflows in nearly 20 ICS products manufactured by Japanese vendor Yokogawa that can lead to remote code execution. 

The bugs affect a long list of the company’s products, which are used in a variety of industries around the world. The Yokogawa products are mainly control systems, plant-management systems, event-analysis systems, and other industrial software packages. They include the Centum series of Windows-based control systems, ProSafe-RS, Exaopc, Exaquantum, and many others.

All of the vulnerabilities are stack-based buffer overflows, but they differ in severity. One of the flaws can lead to remote code execution, while the other two can cause affected services to become unavailable.

“Successful exploitation of these vulnerabilities could result in a denial-of-service condition impacting network communications and allow arbitrary code execution,” an advisory from ICS-CERT says.

The list of affected products includes:

  • CENTUM series:
    • CENTUM CS 1000 (R3.08.70 or earlier),
    • CENTUM CS 3000 (R3.09.50 or earlier),
    • CENTUM CS 3000 Entry (R3.09.50 or earlier),
    • CENTUM VP (R5.04.20 or earlier),
    • CENTUM VP Entry (R5.04.20 or earlier),
  • ProSafe-RS (R3.02.10 or earlier),
  • Exaopc (R3.72.00 or earlier),
  • Exaquantum (R2.85.00 or earlier),
  • Exaquantum/Batch (R2.50.30 or earlier),
  • Exapilot (R3.96.10 or earlier),
  • Exaplog (R3.40.00 or earlier),
  • Exasmoc (R4.03.20 or earlier),
  • Exarqe (R4.03.20 or earlier),
  • Field Wireless Device OPC Server (R2.01.02 or earlier),
  • PRM (R3.12.00 or earlier),
  • STARDOM VDS (R7.30.01 or earlier),
  • STARDOM OPC Server for Windows (R3.40 or earlier),
  • FAST/TOOLS (R10.01 or earlier),
  • B/M9000CS (R5.05.01 or earlier),
  • B/M9000 VP (R7.03.04 or earlier), and
  • FieldMate (R1.01 or R1.02).

“If an intentionally crafted packet is transmitted to the process which executes control network communication, the network communication becomes unresponsive. And then the process that uses the communication function becomes unavailable. There is a potential risk that successful exploitation of this vulnerability allows remote attackers to execute arbitrary code,” Yokogawa’s advisory says.

Yokogawa has produced patches for the affected products, but not all of them are available publicly yet.
