CISA has issued an advisory regarding a denial-of-service vulnerability in the Yokogawa Dual-redundant Platform for Computer (PC2CKM). The vulnerability, identified as CVE-2024-8110, arises from an unchecked return value that could cause affected devices to restart unexpectedly when subjected to a large volume of UDP broadcast packets in a short time. If both the active and standby computers in the system restart simultaneously, the device functionality may become temporarily unavailable, posing significant risks to organizations relying on these systems in critical infrastructure sectors like manufacturing, energy, and agriculture.
The flaw affects versions R1.01.00 through R2.03.00 of the PC2CKM platform, which is deployed globally across various industries. Yokogawa, the vendor responsible for the platform, has recommended that users update to version R2.03.10, which addresses the vulnerability. The CVSS score of 7.5 indicates that the risk is substantial, with the potential for remote exploitation and low attack complexity. However, as of now, there have been no reports of public exploitation targeting this specific issue.
To mitigate the risk of exploitation, CISA advises users to minimize network exposure for all control system devices, ensuring that they are not accessible from the internet. Organizations should place control systems and remote devices behind firewalls, isolating them from business networks. If remote access is required, it is recommended to use more secure methods like Virtual Private Networks (VPNs), while recognizing the vulnerabilities that may exist within VPN connections. Additionally, users should perform a proper impact analysis and risk assessment before deploying defensive measures.
CISA has also emphasized the importance of cybersecurity best practices, encouraging organizations to stay updated on the latest guidance available on the ICS webpage and to adopt strategies for proactive defense of industrial control systems. The advisory stresses the need for organizations to report any suspected malicious activity to CISA for tracking and correlation. With no known public exploitation of the vulnerability at this time, CISA continues to urge organizations to follow recommended mitigations and update their systems to the latest version of the affected software.
Reference: