Ripple20

Last Updated: January 20, 2021

Overview

Vulnerabilities that are called “Ripple20” in Treck TCP/IP stack software has been reported. Yokogawa is investigating the impact to Yokogawa products about the vulnerabilities. When Yokogawa discovers the affected Yokogawa product, Yokogawa will provide detail information in Yokogawa Security Advisory Report (YSAR) in accordance with our Vulnerabilities Handling Policy.

 

Yokogawa Security Advisory Report
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/

 

The Yokogawa Group Vulnerability Handling Policy
https://www.yokogawa.com/eu/solutions/products-platforms/announcements/vulpolicy/

 

Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the Vulnerabilities. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.

 

Impact on Yokogawa Products

DELL computers provided as Yokogawa system components

Following are the products that would be affected by this vulnerability. We prepared fixed firmware for this vulnerability. Please contact us. 

Classification

Model

Global PC

YG1SY01-XXW1016E-0
YG1SY01-XXW1016E-1
YG2SY02-XXW1016E-0
YG2SY02-XXW1016E-1

 

Reference Site

CERT/CC Vulnerability Note VU#257161
https://www.kb.cert.org/vuls/id/257161

 

ICS Advisory (ICSA-20-168-01)
https://www.us-cert.gov/ics/advisories/icsa-20-168-01

Cerchi più informazioni su tecnologia, soluzioni o sulla nostra squadra?

Contattaci

Top