Global   
Products

Product Security

Yokogawa has established the basic policy and measures criteria for the security control of products. By implementing them in product development processes, Yokogawa is striving to eliminate vulnerabilities from products and improve security. We define a system lifecycle to be the entire period from product development to system introduction and operation.

Challenges for Customers: Plant and control systems are targeted by malicious cyber-attackers.

Customers Challenges

Plant and control systems are targeted by malicious cyber-attackers.

  • Malicious attackers are starting to focus on plant and control systems.
  • Cyber-attacks on control systems are increasing.
  • Customers want to introduce more secure control system products.

Our Solutions

Yokogawa provides secure control system products.

  • Yokogawa provides secure control system products that allow customers to operate their plants without undue concern, by introducing a secure development lifecycle, obtaining security certifications, and more.
Our Solutions: Yokogawa provides secure control system products.
Customer Benefits: Customers can build a more secure control system by using our secure control system products.

Customer Benefits

Customers can build a more secure control system by using our secure control system products.

  • A defense-in-depth strategy makes control system products more secure.
  • As a result, customers can build a more secure control system.

 

Enabling Technology

Effects of providing secure control system products

  • Introduce the Secure Development Lifecycle (SDLC).
  • Obtain various security certifications.
  • Built-in security
  • By working with security software vendors, Yokogawa provides security software for its system products.
  • Product Security Incident Response Team (PSIRT)
  • Yokogawa Security Advisory Report (YSAR)

 

Enabling Technology: Effects of providing secure control system products

 

Secure Development Lifecycle (SDLC)

Yokogawa introduces Secure Development Lifecycle.

The Secure Development Lifecycle means taking security measures in each phase of the development process. It aims to minimize vulnerabilities generated in deliverables of each development phase and detect them as early as possible.

Secure Development Lifecycle

Yokogawa has obtained various security certifications.

  • ISASecure Certification
  • Wurldtech Achilles Communications Certification

 

ISASecure® Certification

To assure customers of the high reliability of its products, Yokogawa obtained ISASecure certifications.

 

ISASecure SDLA certification

The ISASecure SDLA certification is a security certification for Control System Development Process. This certification was granted based on an examination that ascertained the organization is in compliance with the IEC 62443-4-1 standard and certain other requirements.

Name of development process

 Organization Certificate (Standard)

Date

Secure Development Life Cycle (SDLC)

 Yokogawa Engineering Asia Pte. Ltd
5 Bedok South Road, Singapore
 		 ISASecure SDLA Version 3.0.0 (ISA/IEC 62443-4-1:2018)
 

March 31, 2021

Secure Development Life Cycle (SDLC)

 Yokogawa Electric Corporation
Musashino, Tokyo Japan
 		 ISASecure SDLA Version 2.0.0 (ISA/IEC 62443-4-1: 2018) 

January 22, 2020

 

ISASecure EDSA certification

The ISASecure EDSA certification is a security certification for embedded devices based on the ISA/IEC 62443-4 standard.

The ISASecure EDSA certification has three elements: communication robustness testing (CRT), functional security assessment (FSA), and software development security assessment (SDSA).

CENTUM VP Controller

CENTUM VP Controller R6.01.00

ISASecure EDSA 2010.1 Level 1

August 7, 2015

CENTUM VP Controller

CENTUM VP Controller R5.03.00

ISASecure EDSA 2010.1 Level 1

July 14, 2014

 

ProSafe-RS Safety Controller

ProSafe-RS Safety Controller R3.02.10

ISASecure EDSA 2010.1 Level 1

December 24, 2013

 

ProSafe-RS Safety Controller

ProSafe-RS Safety Controller R4.01.00

ISASecure EDSA 2010.1 Level 1

July 26, 2016

 

exida's news: exida Certifies Yokogawa ProSafe-RS Safety Controller to ISASecure™ EDSA Level 1

 

Wurldtech Achilles Communications Certification

To assure customers of the high reliability of its products, Yokogawa obtained the Achilles Communications Certification, which is a security certificate for embedded devices found in critical infrastructure; it ensures end-point security of controllers.

The Achilles Communications Certification is security certificate for embedded devices found in critical infrastructure.

The Achilles Communications Certification ensures the end-point security of the controllers.

CENTUM VP Wide Area communication Router

CENTUM VP Wide Area communication Router AW810D

Achilles Level 1 Certification

April 2014

ProSafe-RS Safety Controller

ProSafe-RS Safety Controller SSC60D

Achilles Level 2 Certification

February 2014

ProSafe-RS Safety Controller

ProSafe-RS Safety Controller SSC50D / SSC57D

Achilles Level 2 Certification

February 2014

 

 

CENTUM VP Controller

CENTUM VP Controller AFV30D

Achilles Level 1 Certification

March 2012

CENTUM VP Controller

CENTUM VP Controller AFV10D

Achilles Level 1 Certification

March 2012

CENTUM VP Vnet Router

CENTUM VP Vnet Router AVR10D

Achilles Level 1 Certification

March 2012

ProSafe-RS Safety Controller

ProSafe-RS Safety Controller SSC60D

Achilles Level 1 Certification

March 2011

CENTUM CS 3000 Controller

CENTUM CS 3000 Controller AFV10D

Achilles Level 1 Certification

February 2007

CENTUM CS 3000 Vnet Router

CENTUM CS 3000 Vnet Router AVR10D

Achilles Level 1 Certification

February 2007

ProSafe-RS Safety Controller

ProSafe-RS Safety Controller SSC50D

Achilles Level 1 Certification

February 2007

STARDOM FCJ Controller

Stardom FCJ Controller NFJT100

Achilles Level 1 Certification

February 2007

 

Security of Vnet/IP 

The Vnet/IP used in Yokogawa’s production control systems and safety instrumented systems is a control network based on Ethernet technology.

Vnet/IP
  • Authentication: Countermeasure against spoofing and falsification
    Vnet/IP uses a key exchange method that ensures secure continuous communication even during periodic key updating processes.
    In Vnet/IP, IP addresses are assigned to all ports of the controllers constituting a redundant system, and key exchanges are constantly performed with each port independently, making it possible to restart communication immediately after switchover of the controller or communication channel.
  • Discarding packets: Countermeasure against DoS attack on the controller
    The controller is equipped with two CPUs: one for control and the other for communication, so that the load on the communication layer does not affect the control processing. Unnecessary packets are discarded at the lower levels of the communication layer to reduce the load. If one of the duplexed channels receives more packets than predetermined amounts, communication through its channel is stopped for a certain time and is continued through another channel instead.

IT Security Tool

The Windows OS has various functions, but those not used for control system products can be disabled to block vulnerabilities in those functions. In addition, the proper setting of OS security functions can harden the system without affecting system operation. It is possible to set them on the tools provided by the OS without using a dedicated tool. However, the required items are wide-ranging and the procedure is often complicated, easily causing setting errors.
Yokogawa’s IT security tool provides automatic security setting of the OS, thus reducing setting errors and other human errors and eliminating vulnerabilities caused by these errors.

 

Yokogawa is an OEM alliance partner of Intel Security (McAfee).
The combination of Intel Security and Yokogawa provides security software for Yokogawa’s control system products.
This security software works exceedingly well with Yokogawa’s Endpoint Security Service.

Intel Security McAfee

Standard Antivirus Software for Endpoint Security

Standard Antivirus Software for Endpoint Security (the Standard AV Software) uses the antivirus method for Yokogawa's control system products.
When combined with Yokogawa's Endpoint Security Service, the Standard AV Software has the following features in addition to the functions of general antivirus software.

  • Optimized configuration
    Yokogawa provides an optimized configuration of the Standard AV Software in combination with Yokogawa’s system product software.
  • Confirmation of Stable Operating Conditions of Yokogawa’s IA Control System
    The HMIs and servers of IA control systems require real-time response and stable throughput for operator manipulations or data acquisition requests from supervisory systems. However, antivirus software may influence the performance of PCs and servers due to their characteristics.
    In addition, newly released virus definition files may cause normal software to be falsely detected as malware (false-positive) and such false-positives may affect the operation of the control system.
    So, Yokogawa confirms the Standard AV Software and newly released virus definition files and engine in combination with its control system products to ensure that no false-positive occurs, and also verifies the operation of its control system products.

Standard Whitelisting Software for Endpoint Security

Standard Whitelisting Software for Endpoint Security (Standard WL Software) adopts malware inactivation measures for Yokogawa’s control system products.
The Standard WL Software has the following features in addition to the functions of general whitelisting software when combined with Yokogawa’s Endpoint Security Service.

  • Optimized configuration
    Yokogawa provides an optimized configuration of the Standard WL Software in combination with Yokogawa’s system product software.

Yokogawa Product Security Incident Response Team (PSIRT)

Yokogawa PSIRT provides Yokogawa Product Vulnerability Support.
As a focal point, Yokogawa PSIRT leads and manages vulnerability information of Yokogawa’s products together with Yokogawa’s internal and external organizations.

  • Publishing security vulnerability reports
    Yokogawa PSIRT publishes security vulnerability reports of Yokogawa’s products through security advisories which contains affected products, measures and relevant information.

  • Obtaining information on suspected security vulnerabilities
    Yokogawa PSIRT obtains information on suspected security vulnerabilities from vulnerability information reporters such as security researchers and customers.

     

Yokogawa Product Security Incident Response Team

 

 

 

 

 

Yokogawa Security Advisory Report List

2021

Apr 23, 2021 YSAR-21-0002: Affected Yokogawa products by CPU Vulnerability Meltdown / Spectre
Apr 23, 2021 YSAR-21-0001: Update of old version VB6 Runtime in Yokogawa products

 

2020

Sep 25, 2020 YSAR-20-0002: Vulnerability in WideField3
Jul 31, 2020 YSAR-20-0001: Vulnerabilities in CAMS for HIS (update : December 2, 2020)

 

2019

Sep 27, 2019 YSAR-19-0003: “Unquoted service path” vulnerability in Yokogawa Products Add quotes (update : July 31, 2020)
May 17, 2019 YSAR-19-0002: Vulnerability of Microsoft CAPICOM in Yokogawa Products
January 25, 2019 YSAR-19-0001: Vulnerability of access control in License Manager Service of Yokogawa products (update : February 28, 2019)

 

2018

Dec 21, 2018 YSAR-18-0008: Denial of Service (DoS) vulnerability in Vnet/IP Open Communication Driver
Sep 28, 2018 YSAR-18-0007: Vulnerabilities in STARDOM controllers
Aug 17, 2018 YSAR-18-0006: Buffer overflow vulnerability in the license management function of YOKOGAWA products
Aug 17, 2018 YSAR-18-0005: Vulnerabilities of debug functions in Vnet/IP network switches
May 21, 2018 YSAR-18-0004: Vulnerability of hardcoded password in STARDOM controllers
April 27, 2018 YSAR-18-0003: Vulnerabilities of remote management functions in Vnet/IP network switches
April 5, 2018 YSAR-18-0002: Vulnerability of remote management access control on computers provided as Yokogawa system components 2
January 22, 2018 YSAR-18-0001: Faked and blocked alarms Vulnerability in CENTUM and Exaopc

 

2017

August 10, 2017 YSAR-17-0001: Vulnerability of remote management access control on computers provided as Yokogawa system components (update : December 22, 2017)

 

2016

September 14, 2016 YSAR-16-0002: Arbitrary command execution vulnerability in STARDOM
March 23, 2016 YSAR-16-0001: Vnet/IP network switches reveal administrator password in SNMP community string (update : December 22, 2017)

 

2015

September 10, 2015 YSAR-15-0003: Vulnerabilities of communication functions in CENTUM and other Yokogawa products (update : December 22, 2017)
July 13, 2015 YSAR-15-0002: SNMPv3 authentication bypass vulnerability in Vnet/IP network switch (update : December 22, 2017)
February 16, 2015 YSAR-15-0001: Buffer overflow vulnerability in YOKOGAWA HART Device DTM (update : December 25, 2017)

 

2014

December 5, 2014 YSAR-14-0005E: SSLv3 protocol vulnerability of decrypting the encrypted data in YOKOGAWA products (update : December 22, 2017)
November 28, 2014 YSAR-14-0004E: XML External Entity (XXE) processing Vulnerability in FAST/TOOLS (update : December 22, 2017)
September 17, 2014 YSAR-14-0003E: Arbitrary File Read/Write Vulnerability in CENTUM series and Exaopc (update : December 22, 2017)
July 7, 2014 YSAR-14-0002E: Buffer Overflow Vulnerability in CENTUM systems and Exaopc (update : December 22, 2017)
March 7, 2014 YSAR-14-0001E: Vulnerabilities in CENTUM and other Yokogawa products (update : December 22, 2017)

 

About vulnerability handling policy

 

White Paper
Yokogawa Security Advisory Report List
Thumbnail
White Paper
Yokogawa Security Advisory Report: Vnet/IP network switches reveal administrator password in SNMP community string  
Thumbnail
157 KB
Overview:

YSAR-16-0001: Vnet/IP network switches reveal administrator password in SNMP community string
White Paper
Yokogawa Security Advisory Report: Vulnerability of communication functions in CENTUM and other Yokogawa products  
Thumbnail
230 KB
Overview:

YSAR-15-0003: Vulnerability of communication functions in CENTUM and other Yokogawa products
White Paper
Yokogawa Security Advisory Report: SNMPv3 authentication bypass vulnerability in Vnet/IP network switch  
Thumbnail
304 KB
Overview:

YSAR-15-0002: SNMPv3 authentication bypass vulnerability in Vnet/IP network switch
White Paper
Yokogawa Security Advisory Report: Buffer overflow vulnerability in YOKOGAWA HART Device DTM  
Thumbnail
222 KB
Overview:

YSAR-15-0001: Buffer overflow vulnerability in YOKOGAWA HART Device DTM
White Paper
Yokogawa Security Advisory Report: SSLv3 protocol vulnerability of decrypting the encrypted data in YOKOGAWA products  
Thumbnail
78 KB
Overview:

YSAR-14-0005E: SSLv3 protocol vulnerability of decrypting the encrypted data in YOKOGAWA products
White Paper
Yokogawa Security Advisory Report: XML External Entity (XXE) processing Vulnerability in FAST/TOOLS  
Thumbnail
209 KB
Overview:

YSAR-14-0004E: XML External Entity (XXE) processing Vulnerability in FAST/TOOLS
White Paper
Yokogawa Security Advisory Report: Arbitrary File Read/Write Vulnerability in CENTUM series and Exaopc  
Thumbnail
105 KB
Overview:

YSAR-14-0003E: Arbitrary File Read/Write Vulnerability in CENTUM series and Exaopc
White Paper
Yokogawa Security Advisory Report: Buffer Overflow Vulnerability in CENTUM systems and Exaopc  
Thumbnail
194 KB
White Paper
Yokogawa Security Advisory Report: Vulnerabilities in CENTUM and other Yokogawa products  
Thumbnail
216 KB
Overview:

YSAR-14-0001E: Vulnerabilities in CENTUM and other Yokogawa products
White Paper
Yokogawa Security Advisory Report: Arbitrary command execution vulnerability in STARDOM  
Thumbnail
53 KB
Overview:

YSAR-16-0002: Arbitrary command execution vulnerability in STARDOM
Certificates

Looking for more information on our people, technology and solutions?


Contact Us
Top