Yokogawa Mitigates Buffer Overflows

Friday, September 11, 2015 @ 02:09 PM gHale


Yokogawa Electric Corporation released product revisions that mitigate stack-based buffer overflow vulnerabilities in multiple products, according to a report on ICS-CERT.

Successful exploitation of these vulnerabilities could result in a denial-of-service condition impacting network communications and allow arbitrary code execution.

The following Yokogawa products suffer from the remotely exploitable vulnerabilities:
• CENTUM series:
  1. CENTUM CS 1000 (R3.08.70 or earlier)
  2. CENTUM CS 3000 (R3.09.50 or earlier)
  3. CENTUM CS 3000 Entry (R3.09.50 or earlier)
  4. CENTUM VP (R5.04.20 or earlier)
  5. CENTUM VP Entry (R5.04.20 or earlier)
• ProSafe-RS (R3.02.10 or earlier)
• Exaopc (R3.72.00 or earlier)
• Exaquantum (R2.85.00 or earlier)
• Exaquantum/Batch (R2.50.30 or earlier)
• Exapilot (R3.96.10 or earlier)
• Exaplog (R3.40.00 or earlier)
• Exasmoc (R4.03.20 or earlier)
• Exarqe (R4.03.20 or earlier)
• Field Wireless Device OPC Server (R2.01.02 or earlier)
• PRM (R3.12.00 or earlier)
• STARDOM VDS (R7.30.01 or earlier)
• STARDOM OPC Server for Windows (R3.40 or earlier)
• FAST/TOOLS (R10.01 or earlier)
• B/M9000CS (R5.05.01 or earlier)
• B/M9000 VP (R7.03.04 or earlier)
• FieldMate (R1.01 or R1.02)
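
For asset triage, the list above can be parsed into rules and checked against an inventory. This is an added example, not code from Yokogawa or ICS-CERT; the function names are hypothetical, and a `False` result only means the revision falls outside the ranges listed on this page.

```python
import re

# Affected revisions, copied from the list above.
ADVISORY = """\
CENTUM CS 1000 (R3.08.70 or earlier)
CENTUM CS 3000 (R3.09.50 or earlier)
CENTUM CS 3000 Entry (R3.09.50 or earlier)
CENTUM VP (R5.04.20 or earlier)
CENTUM VP Entry (R5.04.20 or earlier)
ProSafe-RS (R3.02.10 or earlier)
Exaopc (R3.72.00 or earlier)
Exaquantum (R2.85.00 or earlier)
Exaquantum/Batch (R2.50.30 or earlier)
Exapilot (R3.96.10 or earlier)
Exaplog (R3.40.00 or earlier)
Exasmoc (R4.03.20 or earlier)
Exarqe (R4.03.20 or earlier)
Field Wireless Device OPC Server (R2.01.02 or earlier)
PRM (R3.12.00 or earlier)
STARDOM VDS (R7.30.01 or earlier)
STARDOM OPC Server for Windows (R3.40 or earlier)
FAST/TOOLS (R10.01 or earlier)
B/M9000CS (R5.05.01 or earlier)
B/M9000 VP (R7.03.04 or earlier)
FieldMate (R1.01 or R1.02)
"""

def rev(s):
    """'R3.08.70' -> (3, 8, 70); numeric and zero-padded, so R10.01 > R9.99."""
    parts = [int(p) for p in re.findall(r"\d+", s)]
    return tuple((parts + [0, 0, 0])[:3])

def load_rules(text=ADVISORY):
    """Parse 'Name (Rx or earlier)' as an upper bound, 'Name (Rx or Ry)' as exact."""
    rules = {}
    for m in re.finditer(r"^(.+?) \((R[\d.]+) or (earlier|R[\d.]+)\)$", text, re.M):
        name, first, second = m.groups()
        if second == "earlier":
            rules[name.lower()] = ("max", rev(first))
        else:
            rules[name.lower()] = ("exact", {rev(first), rev(second)})
    return rules

def is_affected(product, revision, rules=load_rules()):
    """True/False for a listed product; None if the advisory does not name it."""
    kind, val = rules.get(product.lower(), (None, None))
    if kind is None:
        return None
    return rev(revision) <= val if kind == "max" else rev(revision) in val
```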

Japan-based Yokogawa maintains offices in several countries around the world, including the Americas, Europe, the Middle East, Africa, South Asia, and East Asia.

Yokogawa provided condensed descriptions of the affected products:
• The CENTUM series products are Windows-based control systems. According to Yokogawa, these products deploy across several sectors, including critical manufacturing, energy, and food and agriculture.
• ProSafe-RS is an integrated distributed control system and safety instrumented system PLC for process industries.
• Exaopc is an interface package that is OPC compliant.
• Exaquantum is a plant information management system.
• Exapilot is an online navigation tool that guides operators through plant operating procedures.
• Exaplog is an event analysis package.
• Exasmoc is a multivariable model predictive controller. This controller sees use in oil and petrochemical plants.
• Exarqe is a software package that provides product quality information. This controller sees use in oil and petrochemical plants.
• Field Wireless Device OPC Server provides field wireless gateway data to the OPC client via an OPC interface.
• PRM is a plant asset management software tool.
• STARDOM VDS stands for Versatile Data Server software, which is web-based HMI and SCADA software.
• STARDOM is a network-based control system.
• FAST/TOOLS is a software package that implements a web-based supervisory control HMI.
• B/M9000CS and B/M9000 VP are quality control systems.
• FieldMate is a device management tool.

Yokogawa estimates its products see use on a global basis.

A specially crafted packet transmitted to the process that executes control over network communications can cause network communications to become unresponsive.

CVE-2015-5626 is the case number assigned to this vulnerability, which Yokogawa gave a CVSS v2 base score of 10.0.

In another case, a specially crafted packet transmitted to the process that executes control over network communications can cause the process that uses the communication function to become unavailable.

CVE-2015-5627 is the case number assigned to this vulnerability, which Yokogawa gave a CVSS v2 base score of 10.0.

In another case, a specially crafted packet transmitted to the process that executes control over network communications may allow a remote attacker to execute arbitrary code.

CVE-2015-5628 is the case number assigned to this vulnerability, which Yokogawa assigned a CVSS v2 base score of 10.0.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.

Yokogawa has released product revisions for multiple affected products that remediate the identified vulnerabilities. Details are in Yokogawa’s Security Advisory Report, YSAR-15-0003 Vulnerabilities of Communication Functions in CENTUM, and other YOKOGAWA products.

For additional information about the vulnerabilities and to obtain Yokogawa’s product revisions, contact Yokogawa via its Security web site.

Yokogawa recommends the following actions to minimize the risk associated with these vulnerabilities:
1. Apply a properly configured firewall between the external network and the control system network to prevent external communication with the affected devices.
2. Prevent unapproved devices from connecting to the network where vulnerable products are connected.


