Hardcoded Password Vulnerability Disclosed in Yokogawa CENTUM VP
A vulnerability affecting **Yokogawa** CENTUM VP systems has been disclosed, stemming from a hardcoded password for the 'PROG' user account. An attacker who knows that password can log in as the PROG user; if the account's permissions have been raised above the default S1 level, the attacker could then perform operations or make configuration changes within the system.
## Hardcoded Password Vulnerability Impacts Yokogawa CENTUM VP
A vulnerability has been identified in **Yokogawa**'s CENTUM VP distributed control system (DCS) that could allow unauthorized access through a built-in account. The vulnerability, tracked as **CVE-2025-7741**, stems from the use of a hardcoded password for the 'PROG' user account used for CENTUM Authentication Mode. The advisory was released by **CISA**.
[View CSAF](https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-02.json)
### Vulnerability Details
**CVE-2025-7741**: Use of Hard-coded Password (CWE-259)
* **Description:** Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system.
* **Impact:** An attacker could log in as the PROG user. Because a hardcoded credential cannot be changed or rotated by the operator, the practical impact is governed by what the account is allowed to do: if the PROG user's permissions have been modified from the default S1 permission, the attacker could perform operations or configuration changes with those elevated rights.
* **Affected Products:**
  * Yokogawa CENTUM VP: >=R5.01.00 and <R5.04.20
  * Yokogawa CENTUM VP: >=R6.01.00 and <R6.12.00
  * Yokogawa CENTUM VP: R7.01.00
### Risk Mitigation
The default permission for the PROG user is S1 (equivalent to OFFUSER), so the exposure at a given site depends on whether that level has ever been raised. Organizations are urged to confirm that PROG still holds S1, restrict its permissions wherever they have been changed, and treat any logon as PROG as an event worth reviewing, since the password itself cannot be rotated. The affected ranges for the R5 and R6 lines stop short of R5.04.20 and R6.12.00 respectively, so moving to those or later releases takes those lines out of the affected set; no corresponding release is listed for R7.01.00. **CISA** recommends implementing the following defensive measures to mitigate the risk of exploitation:
* Minimize network exposure for all control system devices and systems, ensuring they are not accessible from the internet.
* Locate control system networks and remote devices behind firewalls and isolate them from business networks.
* When remote access is required, use secure methods, such as Virtual Private Networks (**VPNs**), and keep them updated to the most current version available. Recognize that a VPN is only as secure as the devices connected to it.
* Perform proper impact analysis and risk assessment prior to deploying defensive measures.
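As an added example, not code from the advisory or from Yokogawa, the following Python script implements the two site-side checks that the mitigation text asks for: confirming that PROG still holds its default S1 permission in a user/permission export, and surfacing PROG logons that did not originate from an approved engineering station. The export and log formats, the host names, and the `ENGINEERING_STATIONS` allow-list are all constructed for the example; CENTUM VP's real export and logging formats are not shown on this page, so the two parse functions are the parts a practitioner would adapt.

```python
"""Audit helpers for the PROG-account mitigations described above.

Two checks: (1) confirm PROG still holds its default S1 permission in a
user/permission export, and (2) surface PROG logons that did not come from
an approved engineering station.  The export and log formats used here are
constructed for the example and are NOT Yokogawa's own formats; adapt the
two parse functions to whatever the site actually collects.
"""
import re
from dataclasses import dataclass

DEFAULT_PROG_PERMISSION = "S1"   # default per the advisory (equivalent to OFFUSER)

# Hosts from which a PROG logon is expected.  Site-specific; assumed here.
ENGINEERING_STATIONS = {"ENG0101", "ENG0102"}

# Constructed user/permission export: "user,permission" per line with a header.
SAMPLE_USER_EXPORT = """\
user,permission
ENGUSER,S3
OPERATOR,S2
PROG,S1
"""

# The same export with PROG raised to S3: the condition the advisory warns about.
SAMPLE_USER_EXPORT_ELEVATED = SAMPLE_USER_EXPORT.replace("PROG,S1", "PROG,S3")

# Constructed logon records: timestamp, account, source host, result.
SAMPLE_LOGON_LOG = """\
2026-04-02T08:15:02Z user=OPERATOR host=HIS0101 result=success
2026-04-02T08:17:44Z user=PROG host=ENG0101 result=success
2026-04-02T23:41:09Z user=PROG host=WS-LAPTOP-77 result=failure
2026-04-02T23:41:15Z user=PROG host=WS-LAPTOP-77 result=success
"""

LOGON_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+host=(?P<host>\S+)\s+result=(?P<result>\S+)$"
)


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    message: str


def parse_user_export(text):
    """Return {USER: PERMISSION} from the constructed CSV export, skipping the header."""
    users = {}
    for line in text.strip().splitlines()[1:]:
        name, perm = (field.strip().upper() for field in line.split(","))
        users[name] = perm
    return users


def check_prog_permission(export_text):
    """Flag PROG if its permission differs from the S1 default (or it is missing)."""
    users = parse_user_export(export_text)
    if "PROG" not in users:
        return [Finding("medium", "PROG account not present in export; confirm the export is complete")]
    perm = users["PROG"]
    if perm != DEFAULT_PROG_PERMISSION:
        return [Finding("high", f"PROG permission is {perm}, expected {DEFAULT_PROG_PERMISSION}; "
                                "a logon with the hardcoded password would inherit it")]
    return []


def parse_logon_line(line):
    """Parse one constructed logon record into a dict, or None if it does not match."""
    m = LOGON_RE.match(line.strip())
    return m.groupdict() if m else None


def review_prog_logons(log_text, allowed_hosts=ENGINEERING_STATIONS):
    """Return findings for every PROG logon attempt from a host outside the allow-list.

    A hardcoded credential cannot be rotated, so the account's use has to be
    watched instead: a successful PROG logon from an unexpected host is rated
    high, a failed one medium (it may be an attacker verifying the password).
    """
    findings = []
    for line in log_text.strip().splitlines():
        rec = parse_logon_line(line)
        if rec is None or rec["user"].upper() != "PROG":
            continue
        if rec["host"] in allowed_hosts:
            continue
        severity = "high" if rec["result"] == "success" else "medium"
        findings.append(Finding(severity, f"{rec['ts']} PROG logon {rec['result']} from {rec['host']}"))
    return findings


if __name__ == "__main__":
    for f in check_prog_permission(SAMPLE_USER_EXPORT_ELEVATED) + review_prog_logons(SAMPLE_LOGON_LOG):
        print(f"[{f.severity}] {f.message}")
```

Run against the constructed samples, the permission check reports nothing for the default export and one high finding for the elevated one, and the logon review flags both attempts from `WS-LAPTOP-77` while ignoring the expected logon from `ENG0101`. The allow-list rather than a deny-list is deliberate: PROG is a vendor account whose legitimate use is narrow and predictable, so anything outside that set deserves a look.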
### Affected Sectors
This vulnerability poses a risk to organizations within the following critical infrastructure sectors:
* Critical Manufacturing
* Energy
* Food and Agriculture
### Acknowledgements
**Yokogawa** reported this vulnerability to **CISA**.
### Further Resources
**CISA** provides additional guidance and recommended practices for control systems security on their [ICS webpage](https://www.cisa.gov/ics).
Organizations observing suspected malicious activity should follow established internal procedures and report findings to **CISA**.