Yokogawa License Manager Service (ICSA-19-029-01) – Products Used in the Energy Sector

The NCCIC has published an advisory on an unrestricted upload of files with dangerous type vulnerability in Yokogawa License Manager Service. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to remotely upload files, allowing execution of arbitrary code. Yokogawa recommends users of affected devices and versions update to the latest available release. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.