Impact of DCOM

Last Updated: December 13, 2022

In the Windows update released on June 14, 2022 (*1), the setting to enable hardening the DCOM server’s authentication level becomes the default setting. With the application of the Windows update, unintended behavior (e.g., inability to communicate etc.) has been observed in products that use DCOM technology. Yokogawa is ready to inform customers of whether or not the product operation is affected (*2), and our future policy for resolving the issue, including solutions and workarounds in the event that it is affected.

*1 This is one of a series of Windows updates that Microsoft is releasing in response to the DCOM vulnerability in Windows that was disclosed as CVE-2021-26414.

*2 The investigation results for the target products described in this document are the results of an investigation on the impact of applying the Windows update (June 14, 2022) on the DCOM server's authentication level hardening. The investigation results do not guarantee the presence or absence of effects on operations other than DCOM functions. Please refer to the information provided by our Endpoint Security Service (EPS Service) for the impact and applicability of Windows updates on each product on or after June 14, 2022.

 

Investigation results of the target products

Behaviors of DCOM function of the following products are not affected if the Windows update program (June 14, 2022 or later) was applied.

  • ProSafe-RS、ProSafe-RS Lite
  • Exaopc*1
  • Insight Suite AE (ISAE)
  • FieldMate Validator
  • Dual-redundant Platform for Computer
  • Virtualization Platform
  • VTSPortal
  • STARDOM
  • OpreX Integrated Recipe Manager (IRM)
  • Mirror Plant
  • Exaplog

*1 When Windows Update is applied to Exaopc, the OPC client products (Exaquantum, etc.) that communicate with Exaopc must also be made hardened for DCOM authentication level, otherwise communication between the products may become impossible.

It has been confirmed that behaviors of DCOM function of the following products will be affected once the Windows update program (June 14, 2022 or later) was applied.
For more information on investigation results, solutions and workarounds, please contact Yokogawa Group Local Service / Service office.

  • CENTUM VP
  • Exaquantum
  • Exaquantum/Batch
  • Exaquantum Applications
  • Plant Resource Manager (PRM)
  • PRM Commissioning Support Package (PRM CSP)*2
  • Collaborative Information Server (CI Server)
  • FAST/TOOLS

*2 Although it was initially stated that the product was not affected, it has been confirmed that it is affected as a result of additional investigation. If you have already applied the Windows update program (June 14, 2022 or later), please contact Yokogawa Group Local Service / Service office for solutions.

It is already confirmed that after applying the Windows update released on or after September 14, 2021, error events (ID=10036, 10037, 10038) related to this issue are recorded in the Windows event log. In some products, the error events cannot be suppressed but do not affect product operation. Please contact Yokogawa Group Local Service / Service office for information about the error events.

 

Notes

  • The contents of this website is limited to Yokogawa products. Customers are requested to investigate the impact on products other than Yokogawa products.
  • Windows 7, Windows Server 2008, etc., which are supported by Extended Security Updates (ESU) are not included in the above survey.
  • Any changes in the information of each product will be announced on this website.
  • Every month, Yokogawa checks the behavior of the combination of Yokogawa's control system products with Microsoft product updates and provides the results as an End Point Security service on our members-only Web page. We hope you will take this opportunity to consider signing up for this service.

 

Reference information

The detail information related to this DCOM issue is shown on the below Web site.

Looking for more information on our people, technology and solutions?

Contact Us

Top