Yokogawa CENTUM VP

Summary

A hard-coded password vulnerability (CVE-2025-7741) has been identified in Yokogawa CENTUM VP industrial control systems. Successful exploitation could allow an attacker with access to the HIS screen controls to log in as the PROG user and potentially modify permissions, leading to unauthorized operations depending on the user's privilege level.

IFF Assessment

FOE

This vulnerability allows attackers to gain unauthorized access and modify system configurations in critical infrastructure, posing a direct threat to operational integrity.

Severity

4.0 Medium

The CVSS score of 4.0 (v3) is based on the 'Use of Hard-coded Password' vulnerability. While it requires local access to the HIS screen controls, the potential for privilege escalation and modification of permissions represents a moderate security risk.

Defender Context

This alert highlights a critical vulnerability in widely deployed industrial control systems, specifically Yokogawa CENTUM VP. Defenders must prioritize patching or implementing the recommended mitigations to prevent unauthorized access and potential disruption in the manufacturing and energy sectors. Because exploitation requires local access to the HIS screen controls, strict physical security measures and network segmentation are needed.
