CVE-2025-1924 identifies a critical integer underflow vulnerability (CWE-191) combined with memory safety issues (CWE-787) in the Vnet/IP Interface Package developed by Yokogawa Electric Corporation, specifically affecting versions R1.07.00 and earlier used in CENTUM VP R6 and R7 control systems. The vulnerability arises when the affected software processes maliciously crafted network packets, causing an integer underflow that leads to wraparound conditions. This can disrupt normal packet handling logic, resulting in denial of service (DoS) by halting Vnet/IP communication functions or, more severely, enabling arbitrary code execution. The vulnerability is exploitable remotely over the network (Attack Vector: Adjacent), but requires high attack complexity, no privileges, and no user interaction, indicating that exploitation is non-trivial but feasible in targeted scenarios. The impact on confidentiality is minimal, but integrity and availability impacts are significant, as attackers can disrupt critical industrial communication or execute arbitrary programs, potentially compromising industrial control processes. The vulnerability affects industrial automation environments relying on Yokogawa's CENTUM VP distributed control systems, widely used in sectors such as manufacturing, energy, and utilities. No patches or exploits are currently publicly available, but the risk remains due to the critical nature of the affected systems. The CVSS 4.0 base score is 6.0 (medium severity), reflecting the balance of impact and exploitation difficulty. The vulnerability was publicly disclosed in February 2026, with no known active exploitation reported to date.

The vulnerability poses a significant risk to organizations operating industrial control systems (ICS) using Yokogawa's CENTUM VP R6 and R7 platforms with the vulnerable Vnet/IP Interface Package. Successful exploitation can cause denial of service, disrupting critical communication channels in industrial environments, potentially halting production lines, energy distribution, or other vital processes. More critically, arbitrary code execution could allow attackers to manipulate control logic, leading to safety hazards, operational downtime, and financial losses. Given the specialized nature of the affected systems, impact is concentrated in industrial sectors such as manufacturing, energy, chemical processing, and utilities. Disruption or compromise of these systems can have cascading effects on supply chains and critical infrastructure. The medium severity rating reflects the balance between the difficulty of exploitation and the potential for serious operational impact. Organizations lacking timely patching or network segmentation are at higher risk, especially if their Vnet/IP interfaces are exposed or accessible from less trusted networks.

1. Apply patches or updates from Yokogawa Electric Corporation as soon as they become available to address this vulnerability. 2. Implement strict network segmentation to isolate Vnet/IP communication interfaces from untrusted networks, limiting access to only essential and trusted hosts. 3. Deploy network intrusion detection and prevention systems (IDS/IPS) configured to monitor and block anomalous or malformed Vnet/IP packets that could exploit the integer underflow. 4. Use firewall rules to restrict traffic to the Vnet/IP interface ports, allowing only known and authorized management and control systems. 5. Conduct regular security audits and vulnerability assessments of industrial control systems to identify and remediate exposure to this and similar vulnerabilities. 6. Establish incident response plans tailored for ICS environments to quickly detect and respond to potential exploitation attempts. 7. Monitor vendor advisories and threat intelligence feeds for updates on exploit availability or new mitigation techniques. 8. Train ICS operators and security personnel on recognizing signs of network-based attacks targeting Vnet/IP communications.