Yokogawa Fixes Buffer Overflow

Tuesday, August 21, 2018 @ 03:08 PM gHale

Yokogawa has a new version to mitigate a stack-based buffer overflow in its iDefine, STARDOM, ASTPLANNER, and TriFellows products, according to a report with NCCIC.

Successful exploitation of this vulnerability, which Yokogawa self-reported, may allow arbitrary code execution, or the stopping of the license management function.

RELATED STORIES
Philips’ Cardiograph Update Plans Next Year
Tridium Mitigation Plan for Niagara
Emerson Patches DeltaV DCS Workstations
Philips Vulnerability Mitigation Plan

The following products suffer from the remotely exploitable vulnerability:
• ASTPLANNER: R15.01 and prior
• iDefine for ProSafe-RS: R1.16.3 and prior
• STARDOM: VDS R7.50 and prior and FCN/FCJ Simulator R4.20 and prior
• TriFellows: Version 5.04 and prior

This vulnerability affects the license management function when it receives specially crafted data. An attacker could overflow the buffer by exploiting this, which may result in the license management function stopping or result in arbitrary code execution.

CVE-2018-0651 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

The products see use mainly in the critical manufacturing, energy, and food and agriculture sectors. They also see action on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Yokogawa recommends users to update to the latest versions or apply the patch:
• ASTPLANNER: Update to R15.02.01 or contact support for the patch
• iDefine for ProSafe-RS: Update to R1.16.4
• STARDOM: Update to VDS R8.10 or contact support for the patch
• TriFellows: Update to Version 5.10 or contact support for the patch

For support issues:
• iDefine for ProSafe-RS and STARDOM 
ASTPLANNER and TriFellows 

When Yokogawa service personnel perform system upgrade or install patches, those charges are borne by the user. Please contact support in the following section for the countermeasures regarding the affected products. Yokogawa suggests all users to introduce appropriate security measures not only for the vulnerability identified, but also to the overall systems.

Refer to Yokogawa’s security notification YSAR-18-0006 for more information.



Leave a Reply

You must be logged in to post a comment.