PatchSiren cyber security CVE debrief
CVE-2025-48022 Yokogawa Electric Corporation CVE debrief
CVE-2025-48022 affects Yokogawa CENTUM VP R6 and R7 systems using the Vnet/IP Interface Package at versions up to R1.07.00. According to CISA’s advisory, maliciously crafted packets can terminate the Vnet/IP software stack process, creating an availability impact in an OT/ICS environment. The advisory was published on 2026-02-26 and maps to CVSS 3.1 5.3 (Medium).
- Vendor
- Yokogawa Electric Corporation
- Product
- Yokogawa Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) <=R1.07.00 Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300)
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-26
- Original CVE updated
- 2026-02-26
- Advisory published
- 2026-02-26
- Advisory updated
- 2026-02-26
Who should care
OT/ICS operators, plant engineers, and security teams responsible for Yokogawa CENTUM VP deployments that use the affected Vnet/IP Interface Package versions, especially where availability of control communications is operationally critical.
Technical summary
The supplied CISA CSAF advisory states that if the affected product receives maliciously crafted packets, the Vnet/IP software stack process may be terminated. The published CVSS vector is AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating an adjacent-network, high-complexity condition with no privileges or user interaction required and impact limited to availability. The remediation guidance in the advisory recommends upgrading to patch software R1.08.00.
Defensive priority
Medium. The CVSS score is moderate, but the operational impact can be significant in industrial environments because a terminated Vnet/IP stack process may disrupt control communications or availability.
Recommended defensive actions
- Apply Yokogawa patch software R1.08.00 for the affected Vnet/IP Interface Package versions.
- Contact Yokogawa or the local supporting office for product-specific guidance and deployment support.
- Review Yokogawa advisory YSAR-26-0002 for implementation details and mitigation guidance.
- Limit exposure of affected OT assets to trusted adjacent-network segments and follow CISA ICS recommended practices for defense in depth.
- Monitor affected systems for unexpected Vnet/IP stack process termination or related availability anomalies.
Evidence notes
All claims above are based on the supplied CISA CSAF advisory for ICSA-26-057-09 / CVE-2025-48022. The source text explicitly says maliciously crafted packets may terminate the Vnet/IP software stack process and lists the patch recommendation of R1.08.00. The advisory metadata provided in the corpus includes the 2026-02-26 publication/modified date and the CVSS 3.1 vector AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. No KEV entry is present in the supplied data.
Official resources
-
CVE-2025-48022 CVE record
CVE.org
-
CVE-2025-48022 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory on 2026-02-26, and the supplied data indicates this was an initial republication of YSAR-26-0002. The corpus does not show a KEV listing or ransomware association for this CVE.