CISA 2026-04-02

Yokogawa CENTUM VP

CVE-2025-7741

Machine-generated analysis · WAYSCloud LLM

The vulnerability allows login as the PROG user with hardcoded credentials. Exploitation requires prior access to the HIS screen controls.

Context

Yokogawa CENTUM VP is a control system used in critical manufacturing, energy, and food and agriculture sectors. The advisory states affected versions contain a hardcoded password for the PROG user account in CENTUM Authentication Mode. The default PROG user permissions are limited (S1/OFFUSER), but modified permissions could enable operational changes. Exploitation requires existing access to the Human Interface Station (HIS) screen controls.

Operator considerations

Check: Inventory all CENTUM VP installations running R5.01.00 to R5.04.20, R6.01.00 to R6.12.00, or vR7.01.00
Isolate: Restrict access to HIS screen controls to authorized personnel only
Patch: Switch user authentication mode to Windows Authentication Mode on affected versions

From Cybersecurity and Infrastructure Security Agency ↗

Successful exploitation of this vulnerability could allow an attacker to login as the PROG user and modify permissions.

The following versions of Yokogawa CENTUM VP are affected:

CENTUM VP >=R5.01.00|

CENTUM VP >=R6.01.00|

CENTUM VP vR7.01.00 (CVE-2025-7741)

Vendor

Equipment

Yokogawa

Yokogawa CENTUM VP

Use of Hard-coded Password

Critical Infrastructure Sectors: Critical Manufacturing, Energy, Food and Agriculture

Countries/Areas Deployed: Worldwide

Company Headquarters Location: Japan

Affected products contain a hardcoded password for the user account (PROG) used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default permission for the PROG users is S1 permission (equivalent to OFFUSER). Therefore, for properly permission-controlled targets of operation and monitoring, e...

Read the full advisory on CISA →