Yokogawa has established the basic policy and measures criteria for the security control of products. By implementing them in product development processes, Yokogawa is striving to eliminate vulnerabilities from products and improve security. We define a system lifecycle to be the entire period from product development to system introduction and operation.
Plant and control systems are targeted by malicious cyber-attackers.
Yokogawa provides secure control system products.
Customers can build a more secure control system by using our secure control system products.
Effects of providing secure control system products
Yokogawa introduces Secure Development Lifecycle.
The Secure Development Lifecycle means taking security measures in each phase of the development process. It aims to minimize vulnerabilities generated in deliverables of each development phase and detect them as early as possible.
Yokogawa has obtained various security certifications.
To assure customers of the high reliability of its products, Yokogawa obtained ISASecure certifications.
The ISASecure SDLA certification is a security certification for Control System Development Process. This certification was granted based on an examination that ascertained the organization is in compliance with the IEC 62443-4-1 standard and certain other requirements.
Name of development process |
Organization | Certificate (Standard) |
Date |
---|---|---|---|
Secure Development Life Cycle (SDLC) |
Yokogawa Engineering Asia Pte. Ltd 5 Bedok South Road, Singapore |
ISASecure SDLA Version 3.0.0 (ISA/IEC 62443-4-1:2018) |
March 31, 2021 |
Secure Development Life Cycle (SDLC) |
Yokogawa Electric Corporation Musashino, Tokyo Japan |
ISASecure SDLA Version 2.0.0 (ISA/IEC 62443-4-1: 2018) |
January 22, 2020 |
The ISASecure EDSA certification is a security certification for embedded devices based on the ISA/IEC 62443-4 standard.
The ISASecure EDSA certification has three elements: communication robustness testing (CRT), functional security assessment (FSA), and software development security assessment (SDSA).
CENTUM VP Controller R5.03.00
ISASecure EDSA 2010.1 Level 1
July 14, 2014
exida's news: exida Certifies Yokogawa ProSafe-RS Safety Controller to ISASecure™ EDSA Level 1
To assure customers of the high reliability of its products, Yokogawa obtained the Achilles Communications Certification, which is a security certificate for embedded devices found in critical infrastructure; it ensures end-point security of controllers.
The Achilles Communications Certification is security certificate for embedded devices found in critical infrastructure.
The Achilles Communications Certification ensures the end-point security of the controllers.
CENTUM VP Controller AFV10D
Achilles Level 1 Certification
March 2012
ProSafe-RS Safety Controller SSC60D
Achilles Level 1 Certification
March 2011
CENTUM CS 3000 Controller AFV10D
Achilles Level 1 Certification
February 2007
CENTUM CS 3000 Vnet Router AVR10D
Achilles Level 1 Certification
February 2007
ProSafe-RS Safety Controller SSC50D
Achilles Level 1 Certification
February 2007
Stardom FCJ Controller NFJT100
Achilles Level 1 Certification
February 2007
The Vnet/IP used in Yokogawa’s production control systems and safety instrumented systems is a control network based on Ethernet technology.
The Windows OS has various functions, but those not used for control system products can be disabled to block vulnerabilities in those functions. In addition, the proper setting of OS security functions can harden the system without affecting system operation. It is possible to set them on the tools provided by the OS without using a dedicated tool. However, the required items are wide-ranging and the procedure is often complicated, easily causing setting errors.
Yokogawa’s IT security tool provides automatic security setting of the OS, thus reducing setting errors and other human errors and eliminating vulnerabilities caused by these errors.
Yokogawa is an OEM alliance partner of Intel Security (McAfee).
The combination of Intel Security and Yokogawa provides security software for Yokogawa’s control system products.
This security software works exceedingly well with Yokogawa’s Endpoint Security Service.
Standard Antivirus Software for Endpoint Security (the Standard AV Software) uses the antivirus method for Yokogawa's control system products.
When combined with Yokogawa's Endpoint Security Service, the Standard AV Software has the following features in addition to the functions of general antivirus software.
Standard Whitelisting Software for Endpoint Security (Standard WL Software) adopts malware inactivation measures for Yokogawa’s control system products.
The Standard WL Software has the following features in addition to the functions of general whitelisting software when combined with Yokogawa’s Endpoint Security Service.
Yokogawa PSIRT provides Yokogawa Product Vulnerability Support.
As a focal point, Yokogawa PSIRT leads and manages vulnerability information of Yokogawa’s products together with Yokogawa’s internal and external organizations.
Obtaining information on suspected security vulnerabilities
Yokogawa PSIRT obtains information on suspected security vulnerabilities from vulnerability information reporters such as security researchers and customers.
Apr 23, 2021 | YSAR-21-0002: Affected Yokogawa products by CPU Vulnerability Meltdown / Spectre |
Apr 23, 2021 | YSAR-21-0001: Update of old version VB6 Runtime in Yokogawa products |
Sep 25, 2020 | YSAR-20-0002: Vulnerability in WideField3 |
Jul 31, 2020 | YSAR-20-0001: Vulnerabilities in CAMS for HIS (update : December 2, 2020) |
August 10, 2017 | YSAR-17-0001: Vulnerability of remote management access control on computers provided as Yokogawa system components (update : December 22, 2017) |
About vulnerability handling policy
YSAR-16-0001: Vnet/IP network switches reveal administrator password in SNMP community string
YSAR-15-0003: Vulnerability of communication functions in CENTUM and other Yokogawa products
YSAR-15-0002: SNMPv3 authentication bypass vulnerability in Vnet/IP network switch
YSAR-15-0001: Buffer overflow vulnerability in YOKOGAWA HART Device DTM
YSAR-14-0005E: SSLv3 protocol vulnerability of decrypting the encrypted data in YOKOGAWA products
YSAR-14-0004E: XML External Entity (XXE) processing Vulnerability in FAST/TOOLS
YSAR-14-0003E: Arbitrary File Read/Write Vulnerability in CENTUM series and Exaopc
YSAR-14-0001E: Vulnerabilities in CENTUM and other Yokogawa products
YSAR-16-0002: Arbitrary command execution vulnerability in STARDOM