EUVD-2025-209116

| CVE-2025-7741 LOW
2026-03-30 YokogawaGroup GHSA-mp6c-hc7j-7fh2
2.1
CVSS 4.0

CVSS Vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 30, 2026 - 00:15 euvd
EUVD-2025-209116
Analysis Generated
Mar 30, 2026 - 00:15 vuln.today
CVE Published
Mar 30, 2026 - 00:01 nvd
LOW 2.1

Tags

Authentication Bypass

Description

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, even if an attacker user in as the PROG user, the risk of critical operations or configuration changes being performed is considered low. (If the PROG user's permissions have been changed for any reason, there is a risk that operations or configuration changes may be performed under the modified permissions. The CVSS values below are for the default permissions.) Additionally, exploiting this vulnerability requires an attacker to already have access to the HIS screen controls. Therefore, an attacker can already operate and monitor at that point, regardless of this vulnerability. The conditions under which this vulnerability is exploited: If all of the following conditions are met, the affected products are vulnerable to this vulnerability. -An attacker obtains the hardcoded password using a certain method. -The HIS with the affected product installed is configured in CTM authentication mode. -An attacker must have direct access to the aforementioned HIS or be able to break into it remotely using a certain method and perform screen operations. The affected products and versions are as follows: CENTUM VP R5.01.00 to R5.04.20, R6.01.00 to R6.12.00 and R7.01.00.

Analysis

Hardcoded password vulnerability in Yokogawa CENTUM VP allows authentication bypass for the PROG system account across versions R5.01.00-R5.04.20, R6.01.00-R6.12.00, and R7.01.00. An attacker who obtains the hardcoded credential and has direct access to the Human Interface Station (HIS) running CTM authentication mode can log in as PROG; however, real-world risk is constrained because PROG defaults to S1 (OFFUSER) permission level, and exploitation requires pre-existing HIS access. No public exploit code or active CISA KEV status identified at time of analysis.

Technical Context

This vulnerability exploits hardcoded credentials (CWE-259) embedded in the CENTUM VP industrial control system software. CENTUM VP is Yokogawa's integrated production control and information system, widely deployed in process industries. The PROG user account is part of the CTM (CENTUM Authentication Mode) authentication framework and is used for system-level functions. The hardcoded password is static across all installations, meaning discovery of the credential compromises the entire affected product line. The HIS is the client-facing control interface; exploitation requires either direct physical/network access to the HIS or prior compromise of the HIS itself, making this a secondary exploit vector rather than a primary entry point.

Affected Products

Yokogawa CENTUM VP (cpe:2.3:a:yokogawa_electric_corporation:centum_vp:*:*:*:*:*:*:*:*) is affected across multiple major releases: versions R5.01.00 through R5.04.20, R6.01.00 through R6.12.00, and R7.01.00. All these installations running in CTM authentication mode with the default or modified PROG account configuration are in scope. Consult Yokogawa security advisory YSAR-26-0003-E for definitive version enumeration and product line specifics.

Remediation

Apply the vendor-released patch via Yokogawa's CENTUM VP update for affected versions; consult YSAR-26-0003-E (https://web-material3.yokogawa.com/1/39531/files/YSAR-26-0003-E.pdf) for exact patch versions and deployment instructions. If patching cannot be immediately applied, implement network segmentation to restrict HIS access to trusted networks and authenticated users only, and audit the PROG account's current permission level-if it has been granted permissions beyond the S1 default, manually restrict it pending patch deployment. Consider rotating or disabling the PROG account if alternative system accounts are available. Monitor CENTUM VP authentication logs for unauthorized PROG login attempts.

Priority Score

11
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +10
POC: 0

Share

EUVD-2025-209116 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy