CVE-2025-48023 Yokogawa Electric Corporation CVE debrief

Who should care

OT and ICS defenders running Yokogawa CENTUM VP R6/R7 environments, especially teams responsible for Vnet/IP connectivity, patching, and network segmentation.

Technical summary

The advisory covers Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) up to R1.07.00 and Vnet/IP Interface Package for CENTUM VP R7 (VP7C3300). The reported condition is process termination in the Vnet/IP software stack when the product receives maliciously crafted packets. The supplied CVSS v3.1 vector (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates adjacent-network attack conditions, high attack complexity, no privileges required, no user interaction, and an availability-only impact.

Defensive priority

High for affected OT environments because the flaw can terminate a core Vnet/IP process and interrupt industrial communications, even though the base CVSS score is 5.3.

Recommended defensive actions

• Apply Yokogawa patch software R1.08.00 for the affected product lines.
• Review the Yokogawa advisory YSAR-26-0002 for deployment guidance and support contacts.
• Limit and segment access to the affected Vnet/IP interfaces, following ICS network defense best practices.
• Validate recovery procedures, monitoring, and change control before and after patching in production OT environments.

Evidence notes

All facts in this debrief come from the supplied CISA CSAF advisory material republished as ICSA-26-057-09 on 2026-02-26 and its listed remediation guidance. The corpus states that maliciously crafted packets may terminate the Vnet/IP software stack process and that patch software R1.08.00 is the recommended mitigation. The supplied enrichment also indicates no KEV entry and no known ransomware campaign use.

Official resources