CVE-2025-7741
Hardcoded Password in CENTUM PROG User Enables Unauthorized Access
Publication date: 2026-03-30
Last updated on: 2026-03-30
Assigner: YokogawaGroup
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yokogawa | centum_vp | From 5.01.00 (inc) to 5.04.20 (inc) |
| yokogawa | centum_vp | From 6.01.00 (inc) to 6.12.00 (inc) |
| yokogawa | centum_vp | 7.01.00 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2025-7741 vulnerability concerns a hardcoded password issue in Yokogawa's CENTUM series products. Specifically, the vulnerability affects the user account "PROG" used in CENTUM Authentication Mode across multiple versions of CENTUM VP.
An attacker who obtains the hardcoded password can log in as the PROG user. However, by default, the PROG user has S1 permission (equivalent to OFFUSER), which limits the ability to perform critical operations or configuration changes.
Exploitation requires that the attacker already have access to the Human Interface Station (HIS) screen controls, either physically or remotely, and that the HIS is configured in CENTUM Authentication Mode.
If the PROG user's permissions have been changed from the default, the risk of performing operations or configuration changes increases.
How can this vulnerability impact me? :
If exploited, an attacker can log in as the PROG user on the affected system. However, since the default permission for the PROG user is limited (S1 permission), the risk of critical operations or configuration changes being performed is considered low.
The vulnerability requires the attacker to already have access to the HIS screen controls, meaning the attacker can already operate and monitor the system to some extent.
If the PROG user's permissions have been modified to higher levels, the attacker could potentially perform unauthorized operations or configuration changes, increasing the impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a hardcoded password for the PROG user account in CENTUM Authentication Mode. Detection primarily involves verifying if the affected CENTUM VP versions are configured to use CENTUM Authentication Mode and if the PROG user account exists with the default or altered permissions.
Since exploitation requires access to the HIS screen controls, detection can include checking for unauthorized access attempts or logins as the PROG user on the HIS system.
No specific commands for detection are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include changing the user authentication mode from CENTUM Authentication Mode to Windows Authentication Mode, which removes reliance on the hardcoded password.
For CENTUM VP R7.01.00 users, applying patch R7.01.10 addresses the vulnerability.
Customers should assess their system environment risks before applying these countermeasures and may need to engage Yokogawa support for implementation.
It is also important to verify that the PROG user permissions have not been altered from the default S1 permission to reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not explicitly address how the CVE-2025-7741 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.