Yokogawa Security Advisory Report List

2024

September 17, 2024 YSAR-24-0003: Denial of Service (DoS) vulnerability in Dual-redundant Platform for Computer
June 17, 2024 YSAR-24-0002: DLL Hijacking Vulnerability in CENTUM CAMS Log server (update : July 4, 2024)
June 26, 2024 YSAR-24-0001: Vulnerabilities in FAST/TOOLS and CI Server (update : July 4, 2024)

 

2023

December 1, 2023 YSAR-23-0003: Denial-of-Service Vulnerability in STARDOM
October 20, 2023 YSAR-23-0002: Affected Yokogawa products by Expat (libexpat) vulnerabilities
April 5, 2023 YSAR-23-0001: Elevation of Privilege Vulnerability in CENTUM Authentication Mode

 

2022

August 26, 2022 YSAR-22-0009: Vulnerability in STARDOM controller
July 29, 2022 YSAR-22-0008: Denial of Service (DoS) vulnerability in CENTUM controller FCS
June 21, 2022 YSAR-22-0007: Vulnerabilities in STARDOM (update : June 29, 2022)
May 27, 2022 YSAR-22-0006: Data breach / falsification and resource exhaustion vulnerabilities in CAMS for HIS (update : July 27, 2022)
June 3, 2022 YSAR-22-0005: Denial of Service (DoS) vulnerability in Wide Area Communication Router (update : July 27, 2022)
March 10, 2022 YSAR-22-0004: Vulnerabilities in CENTUM and ProSafe-RS (update : April 26, 2022)
February 9, 2022 YSAR-22-0003: Affected Yokogawa products by Apache Log4j vulnerabilities
Jan 14, 2022 YSAR-22-0002: Vulnerability of license function in Yokogawa products (update : March 25, 2022)
Jan 7, 2022 YSAR-22-0001: Vulnerabilities in CENTUM and Exaopc (update : February 9, 2022)

 

2021

Oct 27, 2021 YSAR-21-0004: Notification of the update of MSXML in Yokogawa products
May 31, 2021 YSAR-21-0003: Affected Yokogawa products by Treck IP Stack vulnerabilities (update : October 14, 2021)
Apr 23, 2021 YSAR-21-0002: Affected Yokogawa products by CPU Vulnerability Meltdown / Spectre
Apr 23, 2021 YSAR-21-0001: Update of old version VB6 Runtime in Yokogawa products (update : September 6, 2021)

 

2020

Sep 25, 2020 YSAR-20-0002: Vulnerability in WideField3
Jul 31, 2020 YSAR-20-0001: Vulnerabilities in CAMS for HIS (update : December 2, 2020)

 

2019

Sep 27, 2019 YSAR-19-0003: “Unquoted service path” vulnerability in Yokogawa Products Add quotes (update : September 6, 2021)
May 17, 2019 YSAR-19-0002: Vulnerability of Microsoft CAPICOM in Yokogawa Products
January 25, 2019 YSAR-19-0001: Vulnerability of access control in License Manager Service of Yokogawa products (update : February 28, 2019)

 

2018

     

Dec 21, 2018 YSAR-18-0008: Denial of Service (DoS) vulnerability in Vnet/IP Open Communication Driver
Sep 28, 2018 YSAR-18-0007: Vulnerabilities in STARDOM controllers
Aug 17, 2018 YSAR-18-0006: Buffer overflow vulnerability in the license management function of YOKOGAWA products
Aug 17, 2018 YSAR-18-0005: Vulnerabilities of debug functions in Vnet/IP network switches
May 21, 2018 YSAR-18-0004: Vulnerability of hardcoded password in STARDOM controllers
April 27, 2018 YSAR-18-0003: Vulnerabilities of remote management functions in Vnet/IP network switches
April 5, 2018 YSAR-18-0002: Vulnerability of remote management access control on computers provided as Yokogawa system components 2
January 22, 2018 YSAR-18-0001: Faked and blocked alarms Vulnerability in CENTUM and Exaopc

 

2017

August 10, 2017 YSAR-17-0001: Vulnerability of remote management access control on computers provided as Yokogawa system components (update : December 22, 2017)

 

2016

September 14, 2016 YSAR-16-0002: Arbitrary command execution vulnerability in STARDOM
March 23, 2016 YSAR-16-0001: Vnet/IP network switches reveal administrator password in SNMP community string (update : December 22, 2017)

 

2015

September 10, 2015 YSAR-15-0003: Vulnerabilities of communication functions in CENTUM and other Yokogawa products (update : December 22, 2017)
July 13, 2015 YSAR-15-0002: SNMPv3 authentication bypass vulnerability in Vnet/IP network switch (update : December 22, 2017)
February 16, 2015 YSAR-15-0001: Buffer overflow vulnerability in YOKOGAWA HART Device DTM (update : December 25, 2017)

 

2014

December 5, 2014 YSAR-14-0005: SSLv3 protocol vulnerability of decrypting the encrypted data in YOKOGAWA products (update : December 22, 2017)
November 28, 2014 YSAR-14-0004: XML External Entity (XXE) processing Vulnerability in FAST/TOOLS (update : December 22, 2017)
September 17, 2014 YSAR-14-0003: Arbitrary File Read/Write Vulnerability in CENTUM series and Exaopc (update : December 22, 2017)
July 7, 2014 YSAR-14-0002: Buffer Overflow Vulnerability in CENTUM systems and Exaopc (update : December 22, 2017)
March 7, 2014 YSAR-14-0001: Vulnerabilities in CENTUM and other Yokogawa products (update : December 22, 2017)

 

About vulnerability handling policy


Top