PatchSiren cyber security CVE debrief
CVE-2025-48020 Yokogawa Electric Corporation CVE debrief
CVE-2025-48020 affects Yokogawa CENTUM VP R6 and R7 Vnet/IP Interface Package versions up to R1.07.00. According to the advisory, maliciously crafted packets can terminate the Vnet/IP software stack process, creating an availability impact for affected OT environments. Yokogawa recommends upgrading to R1.08.00.
- Vendor: Yokogawa Electric Corporation
- Product: Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) and Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300), versions <=R1.07.00
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-26
- Original CVE updated: 2026-02-26
- Advisory published: 2026-02-26
- Advisory updated: 2026-02-26
Who should care
OT operators, industrial network administrators, system integrators, and asset owners running Yokogawa CENTUM VP R6/R7 with the affected Vnet/IP Interface Package (VP6C3300 or VP7C3300) should review exposure and remediation plans.
Technical summary
The advisory describes a packet-handling issue in the Vnet/IP software stack: if the affected product receives maliciously crafted packets, the process may terminate. The supplied CVSS vector indicates an adjacent-network attack path, high attack complexity, no privileges, no user interaction, and an availability-only impact (CVSS 3.1 5.3/Medium). The remediation provided by the vendor is to apply patch software R1.08.00.
Defensive priority
Medium priority for exposed OT networks. The issue is availability-focused and requires adjacency to the target network, but process termination in industrial communications infrastructure can still disrupt operations.
Recommended defensive actions
- Upgrade affected systems to Yokogawa patch software R1.08.00 as recommended in the advisory.
- Identify whether VP6C3300 or VP7C3300 installations are running versions at or below R1.07.00.
- Restrict adjacent-network access to the Vnet/IP segment and limit packet sources to trusted OT hosts and management systems.
- Monitor the Vnet/IP stack and related logs for unexpected process terminations or abnormal packet patterns.
- Review the Yokogawa advisory YSAR-26-0002 for implementation guidance and contact the local supporting office if remediation planning is needed.
Evidence notes
The source advisory states: "If the affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated." It also recommends applying patch software R1.08.00. The CVSS vector in the supplied record is CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, which aligns with an adjacent-network, availability-only issue. Published and modified dates supplied for the CVE and source are 2026-02-26T07:00:00.000Z.
Official resources
- CVE-2025-48020 CVE record (CVE.org)
- CVE-2025-48020 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
Public advisory disclosed on 2026-02-26 via CISA CSAF republishing of YSAR-26-0002 (ICSA-26-057-09).