CVE-2025-7741: CWE-259 Use of hard-coded password in Yokogawa Electric Corporation CENTUM VP
A hardcoded password vulnerability exists in Yokogawa Electric Corporation's CENTUM VP products across multiple versions. The vulnerability involves a hardcoded password for the PROG user account used in CENTUM Authentication Mode. Exploitation requires an attacker to already have access to the HIS screen controls and the system to be configured in CTM authentication mode. The default permissions for the PROG user are limited, reducing the risk of critical operations being performed. The vulnerability is rated low severity with a CVSS score of 2. 1. No patch or remediation information is provided in the available data.
AI Analysis
Technical Summary
CVE-2025-7741 is a vulnerability in CENTUM VP versions R5.01.00 to R5.04.20, R6.01.00 to R6.12.00, and R7.01.00 where a hardcoded password exists for the PROG user account used in CENTUM Authentication Mode. An attacker must obtain the hardcoded password and have direct or remote access to the HIS screen controls configured in CTM authentication mode to exploit this issue. The PROG user has default S1 (OFFUSER equivalent) permissions, limiting the potential impact under default configurations. The vulnerability requires high attack complexity and physical or remote access with privileges to operate the HIS screen, resulting in a low overall severity score.
Potential Impact
If exploited, an attacker could log in as the PROG user with limited permissions (S1/OFFUSER), which restricts critical operations or configuration changes under default settings. However, if the PROG user's permissions have been altered, the attacker could potentially perform more impactful operations. Exploitation requires prior access to HIS screen controls, meaning the attacker already has some operational capabilities. Overall, the risk of critical impact is low given the default permission level and required conditions for exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should verify if updates or configuration changes are available from Yokogawa Electric Corporation. Restricting access to HIS screen controls and ensuring PROG user permissions remain at default levels can reduce risk. Monitor vendor communications for any forthcoming patches or mitigation instructions.
CVE-2025-7741: CWE-259 Use of hard-coded password in Yokogawa Electric Corporation CENTUM VP
Description
A hardcoded password vulnerability exists in Yokogawa Electric Corporation's CENTUM VP products across multiple versions. The vulnerability involves a hardcoded password for the PROG user account used in CENTUM Authentication Mode. Exploitation requires an attacker to already have access to the HIS screen controls and the system to be configured in CTM authentication mode. The default permissions for the PROG user are limited, reducing the risk of critical operations being performed. The vulnerability is rated low severity with a CVSS score of 2. 1. No patch or remediation information is provided in the available data.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-7741 is a vulnerability in CENTUM VP versions R5.01.00 to R5.04.20, R6.01.00 to R6.12.00, and R7.01.00 where a hardcoded password exists for the PROG user account used in CENTUM Authentication Mode. An attacker must obtain the hardcoded password and have direct or remote access to the HIS screen controls configured in CTM authentication mode to exploit this issue. The PROG user has default S1 (OFFUSER equivalent) permissions, limiting the potential impact under default configurations. The vulnerability requires high attack complexity and physical or remote access with privileges to operate the HIS screen, resulting in a low overall severity score.
Potential Impact
If exploited, an attacker could log in as the PROG user with limited permissions (S1/OFFUSER), which restricts critical operations or configuration changes under default settings. However, if the PROG user's permissions have been altered, the attacker could potentially perform more impactful operations. Exploitation requires prior access to HIS screen controls, meaning the attacker already has some operational capabilities. Overall, the risk of critical impact is low given the default permission level and required conditions for exploitation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should verify if updates or configuration changes are available from Yokogawa Electric Corporation. Restricting access to HIS screen controls and ensuring PROG user permissions remain at default levels can reduce risk. Monitor vendor communications for any forthcoming patches or mitigation instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- YokogawaGroup
- Date Reserved
- 2025-07-17T06:32:40.148Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c9befee6bfc5ba1d524370
Added to database: 3/30/2026, 12:08:30 AM
Last enriched: 4/6/2026, 10:53:00 AM
Last updated: 5/13/2026, 7:56:52 PM
Views: 118
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.