Yokogawa CENTUM VP

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-02.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions. /strong /p p The following versions of Yokogawa CENTUM VP are affected: /p ul li CENTUM VP gt;=R5.01.00| /li li CENTUM VP gt;=R6.01.00| /li li CENTUM VP vR7.01.00 (CVE-2025-7741) /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 4 /td td Yokogawa /td td Yokogawa CENTUM VP /td td Use of Hard-coded Password /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Critical Manufacturing, Energy, Food and Agriculture /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong Japan /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2025-7741 /a /h3 div class="csaf-accordion-content" p Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker logs in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. If the PROG user's permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. Additionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. /p p a href="https://www.cve.org/CVERecord?id=CVE-2025-7741" View CVE Details /a /p hr h4 Affected Products /h4 h5 Yokogawa CENTUM VP /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Yokogawa /div div class="ics-version" strong Product Version: /strong br Yokogawa CENTUM VP: gt;=R5.01.00| lt;R5.04.20, Yokogawa CENTUM VP: gt;=R6.01.00| lt;R6.12.00, Yokogawa CENTUM VP: vR7.01.00 /div div class="ics-status" strong Product Status: /strong br known_affected /div /div div class="ics-remediations" h6 Remediations /h6 p strong Mitigation /strong br Yokogawa recommends users applying the following mitigations to affected versions: /p p strong Vendor fix /strong br CENTUM VP R5.01.00 to R5.04.20: Change the user authentication mode to Windows Au