CVE-2025-48021: CWE-191 Integer Underflow (Wrap or Wraparound) in Yokogawa Electric Corporation Vnet/IP Interface Package
CVE-2025-48021 is an integer underflow vulnerability (CWE-191) in the Vnet/IP Interface Package by Yokogawa Electric Corporation, affecting versions R1. 07. 00 and earlier. When the vulnerable software receives specially crafted packets, it may cause the Vnet/IP software stack process to terminate unexpectedly, leading to denial of service. The vulnerability requires an attacker to have adjacent network access with high attack complexity and no user interaction or privileges. Although no known exploits are currently in the wild, the vulnerability poses a medium severity risk due to its potential to disrupt critical industrial control communications. The affected product is primarily used in industrial automation environments, notably in CENTUM VP systems. Mitigation involves applying patches once available, restricting network access to trusted sources, and monitoring network traffic for anomalous packets. Countries with significant industrial automation deployments using Yokogawa products, such as Japan, the United States, Germany, South Korea, and China, are most likely to be impacted. Organizations should prioritize defense-in-depth strategies to reduce exposure and ensure operational continuity.
AI Analysis
Technical Summary
CVE-2025-48021 is an integer underflow vulnerability classified under CWE-191 found in the Vnet/IP Interface Package developed by Yokogawa Electric Corporation. This package is used in the CENTUM VP R6 and R7 series (VP6C3300 and VP7C3300) industrial control systems. The vulnerability arises when the software processes maliciously crafted network packets that trigger an integer underflow condition, causing the Vnet/IP software stack process to terminate unexpectedly. This termination results in a denial of service (DoS) condition, disrupting communication within the industrial control network. The vulnerability has a CVSS 4.0 base score of 6.0, indicating medium severity, with an attack vector requiring adjacent network access and high attack complexity. No privileges or user interaction are required, and the vulnerability does not impact confidentiality, integrity, or availability beyond the DoS effect. No public exploits have been reported yet, and no patches are currently linked, emphasizing the need for vigilance. The vulnerability affects versions R1.07.00 and earlier of the Vnet/IP Interface Package, which is integral to Yokogawa's CENTUM VP distributed control systems widely used in critical infrastructure sectors such as manufacturing, energy, and utilities.
Potential Impact
The primary impact of CVE-2025-48021 is denial of service due to the termination of the Vnet/IP software stack process. This disruption can halt or degrade communication between control system components, potentially leading to operational interruptions in industrial environments. For organizations relying on Yokogawa's CENTUM VP systems, this could mean temporary loss of monitoring and control capabilities, which may affect process safety, production efficiency, and system reliability. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact in critical infrastructure contexts can have significant downstream effects, including safety risks and financial losses. Given the high attack complexity and requirement for adjacent network access, exploitation is less likely from remote attackers but remains a concern for insiders or attackers who gain network proximity. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as industrial control systems often have long lifecycles and slower patch adoption rates.
Mitigation Recommendations
1. Monitor vendor communications closely for official patches or updates addressing CVE-2025-48021 and apply them promptly once available. 2. Restrict network access to the Vnet/IP Interface Package to trusted and authenticated devices only, using network segmentation and firewall rules to limit exposure. 3. Implement strict network access controls and monitoring on the industrial control network to detect and block anomalous or malformed packets that could trigger the vulnerability. 4. Employ intrusion detection/prevention systems (IDS/IPS) tuned to recognize suspicious traffic patterns targeting the Vnet/IP protocol. 5. Conduct regular security assessments and penetration tests focused on industrial control system components to identify potential exposure. 6. Establish incident response procedures specific to industrial control system disruptions to minimize downtime and operational impact. 7. Educate network and security personnel about the vulnerability and the importance of maintaining strict network hygiene in industrial environments. 8. Consider deploying redundant communication paths or failover mechanisms within the control system architecture to maintain availability during potential disruptions.
Affected Countries
Japan, United States, Germany, South Korea, China, France, United Kingdom, Canada, Australia, India
CVE-2025-48021: CWE-191 Integer Underflow (Wrap or Wraparound) in Yokogawa Electric Corporation Vnet/IP Interface Package
Description
CVE-2025-48021 is an integer underflow vulnerability (CWE-191) in the Vnet/IP Interface Package by Yokogawa Electric Corporation, affecting versions R1. 07. 00 and earlier. When the vulnerable software receives specially crafted packets, it may cause the Vnet/IP software stack process to terminate unexpectedly, leading to denial of service. The vulnerability requires an attacker to have adjacent network access with high attack complexity and no user interaction or privileges. Although no known exploits are currently in the wild, the vulnerability poses a medium severity risk due to its potential to disrupt critical industrial control communications. The affected product is primarily used in industrial automation environments, notably in CENTUM VP systems. Mitigation involves applying patches once available, restricting network access to trusted sources, and monitoring network traffic for anomalous packets. Countries with significant industrial automation deployments using Yokogawa products, such as Japan, the United States, Germany, South Korea, and China, are most likely to be impacted. Organizations should prioritize defense-in-depth strategies to reduce exposure and ensure operational continuity.
AI-Powered Analysis
Technical Analysis
CVE-2025-48021 is an integer underflow vulnerability classified under CWE-191 found in the Vnet/IP Interface Package developed by Yokogawa Electric Corporation. This package is used in the CENTUM VP R6 and R7 series (VP6C3300 and VP7C3300) industrial control systems. The vulnerability arises when the software processes maliciously crafted network packets that trigger an integer underflow condition, causing the Vnet/IP software stack process to terminate unexpectedly. This termination results in a denial of service (DoS) condition, disrupting communication within the industrial control network. The vulnerability has a CVSS 4.0 base score of 6.0, indicating medium severity, with an attack vector requiring adjacent network access and high attack complexity. No privileges or user interaction are required, and the vulnerability does not impact confidentiality, integrity, or availability beyond the DoS effect. No public exploits have been reported yet, and no patches are currently linked, emphasizing the need for vigilance. The vulnerability affects versions R1.07.00 and earlier of the Vnet/IP Interface Package, which is integral to Yokogawa's CENTUM VP distributed control systems widely used in critical infrastructure sectors such as manufacturing, energy, and utilities.
Potential Impact
The primary impact of CVE-2025-48021 is denial of service due to the termination of the Vnet/IP software stack process. This disruption can halt or degrade communication between control system components, potentially leading to operational interruptions in industrial environments. For organizations relying on Yokogawa's CENTUM VP systems, this could mean temporary loss of monitoring and control capabilities, which may affect process safety, production efficiency, and system reliability. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact in critical infrastructure contexts can have significant downstream effects, including safety risks and financial losses. Given the high attack complexity and requirement for adjacent network access, exploitation is less likely from remote attackers but remains a concern for insiders or attackers who gain network proximity. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as industrial control systems often have long lifecycles and slower patch adoption rates.
Mitigation Recommendations
1. Monitor vendor communications closely for official patches or updates addressing CVE-2025-48021 and apply them promptly once available. 2. Restrict network access to the Vnet/IP Interface Package to trusted and authenticated devices only, using network segmentation and firewall rules to limit exposure. 3. Implement strict network access controls and monitoring on the industrial control network to detect and block anomalous or malformed packets that could trigger the vulnerability. 4. Employ intrusion detection/prevention systems (IDS/IPS) tuned to recognize suspicious traffic patterns targeting the Vnet/IP protocol. 5. Conduct regular security assessments and penetration tests focused on industrial control system components to identify potential exposure. 6. Establish incident response procedures specific to industrial control system disruptions to minimize downtime and operational impact. 7. Educate network and security personnel about the vulnerability and the importance of maintaining strict network hygiene in industrial environments. 8. Consider deploying redundant communication paths or failover mechanisms within the control system architecture to maintain availability during potential disruptions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- YokogawaGroup
- Date Reserved
- 2025-05-15T03:31:13.259Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 698eb7d6c9e1ff5ad8edd0be
Added to database: 2/13/2026, 5:34:14 AM
Last enriched: 2/20/2026, 9:09:47 AM
Last updated: 2/21/2026, 12:18:23 AM
Views: 40
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-27203: CWE-15: External Control of System or Configuration Setting in YosefHayim ebay-mcp
HighCVE-2026-27168: CWE-122: Heap-based Buffer Overflow in HappySeaFox sail
HighCVE-2026-27134: CWE-287: Improper Authentication in strimzi strimzi-kafka-operator
HighCVE-2026-27190: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in denoland deno
HighCVE-2026-27026: CWE-770: Allocation of Resources Without Limits or Throttling in py-pdf pypdf
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.