
CVE-2025-7741: CWE-259 Use of hard-coded password in Yokogawa Electric Corporation CENTUM VP

Severity: Low
Type: Vulnerability
Tags: cve, cve-2025-7741, cwe-259
Published: Mon Mar 30 2026 (03/30/2026, 00:01:11 UTC)
Source: CVE Database V5
Vendor/Project: Yokogawa Electric Corporation
Product: CENTUM VP

Description

CVE-2025-7741 is a low-severity vulnerability in Yokogawa Electric Corporation's CENTUM VP system involving a hardcoded password for the PROG user account used in CENTUM Authentication Mode. Exploitation requires an attacker to already have access to the Human Interface Station (HIS) screen controls, and the default PROG user permissions are limited, reducing the risk of critical operations or configuration changes. The vulnerability affects multiple versions of CENTUM VP (R5.01.00 to R5.04.20, R6.01.00 to R6.12.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/30/2026, 00:23:32 UTC

Technical Analysis

CVE-2025-7741 identifies a hardcoded password vulnerability in Yokogawa Electric Corporation's CENTUM VP, a distributed control system widely used in industrial environments. The vulnerability resides in the PROG user account, which has a hardcoded password embedded within the system for authentication in CENTUM Authentication Mode. This hardcoded credential can potentially be extracted by an attacker through unspecified methods. Exploitation requires that the attacker already have direct or remote access to the Human Interface Station (HIS) with the affected CENTUM VP versions installed and configured in CTM authentication mode. The PROG user account by default has S1 permission level, equivalent to OFFUSER, which restricts critical operational or configuration changes. Therefore, even if an attacker logs in as PROG, the ability to perform harmful actions is limited unless the permissions have been modified. The vulnerability spans multiple versions of CENTUM VP, including R5.01.00 through R5.04.20, R6.01.00 through R6.12.00, and R7.01.00. The CVSS 4.0 base score is 2.1, reflecting low severity due to the requirement of local access, high attack complexity, and limited privileges. No patches or known exploits have been reported yet. The vulnerability highlights the risk of embedded credentials in critical industrial control systems, which could be leveraged by insiders or attackers who have already breached perimeter defenses.

Potential Impact

The primary impact of this vulnerability is unauthorized access to the PROG user account within the CENTUM VP system. Given the default limited permissions of the PROG user, the risk of executing critical operations or making configuration changes is low under normal circumstances. However, if the PROG user's permissions have been escalated or modified, an attacker could potentially perform unauthorized operational commands or system configuration changes, leading to disruption or manipulation of industrial processes. Since exploitation requires prior access to the HIS interface, this vulnerability mainly increases risk in environments where perimeter defenses have already been compromised or insider threats exist. The presence of a hardcoded password also raises concerns about credential management and potential lateral movement within industrial networks. While no known exploits are reported, the vulnerability could facilitate persistence or privilege escalation in targeted attacks against industrial control systems, potentially impacting availability and integrity of critical infrastructure operations.

Mitigation Recommendations

Organizations using affected versions of CENTUM VP should first verify whether the system is configured in CTM authentication mode and assess the permissions assigned to the PROG user account. It is critical to ensure that the PROG user's permissions remain at the default S1 (OFFUSER) level to minimize risk. Network segmentation and strict access controls should be enforced to limit access to the HIS interface, preventing unauthorized local or remote access. Monitoring and logging of HIS access and authentication attempts should be enhanced to detect suspicious activities. Since no patches are currently available, consider implementing compensating controls such as disabling or renaming the PROG account if feasible, or restricting its use through system configuration. Conduct regular audits of user permissions and credentials within the CENTUM VP environment. Additionally, employ strong perimeter security measures, including multi-factor authentication and intrusion detection systems, to prevent attackers from gaining initial access to the HIS. Engage with Yokogawa Electric Corporation for updates on patches or official remediation guidance.


Technical Details

Data Version: 5.2
Assigner Short Name: YokogawaGroup
Date Reserved: 2025-07-17T06:32:40.148Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 69c9befee6bfc5ba1d524370

Added to database: 3/30/2026, 12:08:30 AM

Last enriched: 3/30/2026, 12:23:32 AM

Last updated: 3/30/2026, 3:27:57 AM
