VYPR
Vendor

Yokogawa

Products
37
CVEs
68
Across products
159
Status
Private

Products

37
View all 37 products →

Recent CVEs

68
View all 68 CVEs →
  • CVE-2025-1863CriApr 18, 2025
    risk 0.64cvss 9.8epss 0.01

    Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all…

  • CVE-2018-10592CriJul 31, 2018
    risk 0.64cvss 9.8epss 0.07

    Yokogawa STARDOM FCJ controllers R4.02 and prior, FCN-100 controllers R4.02 and prior, FCN-RTU controllers R4.02 and prior, and FCN-500 controllers R4.02 and prior utilize hard-coded credentials that could allow an attacker to gain unauthorized administrative access to the…

  • CVE-2025-66600HigFeb 9, 2026
    risk 0.57cvss epss 0.00

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product lacks HSTS (HTTP Strict Transport Security) configuration. When an attacker performs a Man in the middle (MITM) attack, communications with the web server could be sniffed. …

  • CVE-2024-5650HigJun 17, 2024
    risk 0.55cvss 8.5epss 0.00

    DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one,…

  • CVE-2024-8110HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.00

    Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active…

  • CVE-2016-4860HigSep 19, 2016
    risk 0.48cvss 7.3epss 0.03

    Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify…

  • CVE-2025-66599MedFeb 9, 2026
    risk 0.45cvss epss 0.00

    A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS…

  • CVE-2024-4105MedJun 26, 2024
    risk 0.38cvss 5.8epss 0.00

    A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures…

  • CVE-2024-4106MedJun 26, 2024
    risk 0.34cvss 5.3epss 0.00

    A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set by default, an attacker can break into the affected product. The affected products and…

  • CVE-2014-3888Jul 10, 2014
    risk 0.08cvss epss 0.62

    Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled,…

  • CVE-2014-0782May 16, 2014
    risk 0.08cvss epss 0.57

    Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS…

  • CVE-2014-0783Mar 14, 2014
    risk 0.08cvss epss 0.68

    Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

  • CVE-2014-0784Mar 14, 2014
    risk 0.06cvss epss 0.36

    Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

  • CVE-2014-5208Dec 22, 2014
    risk 0.05cvss epss 0.23

    BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR…

  • CVE-2014-0781Mar 14, 2014
    risk 0.05cvss epss 0.25

    Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

  • CVE-2015-5628Feb 5, 2020
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and…

  • CVE-2019-5909Feb 13, 2019
    risk 0.01cvss epss 0.05

    License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send…

  • CVE-2026-11833Jun 23, 2026
    risk 0.00cvss epss 0.00

    Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: …

  • CVE-2025-48023Feb 13, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface…

  • CVE-2025-48022Feb 13, 2026
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface…