
![]() |
Charlotte Stonestreet
Managing Editor |
Home> | AUTOMATION | >Networks | >Security holes identified in SCADA product |
Home> | AUTOMATION | >Security | >Security holes identified in SCADA product |
Security holes identified in SCADA product
14 March 2014
IT security data and analytics company Rapid7 has identified and disclosed a number of vulnerabilities in the Windows-based industrial production control system CENTUM CS 3000 R3 sold by Yokogawa Electric.
Originally released in 1998, 7600 systems for plant operation and monitoring have been sold, including power, chemical and petrochemical plants in Europe, the USA and Asia.
According to Rapid7 the vulnerabilities could allow an attacker to perform a denial of service (DoS) or get system privileges to execute arbitrary code. Hackers could also take screenshots to gather information about running projects or hijack SCADA communications. During its investigation, some CENTUM installations were identified that were vulnerable and directly connected the Internet.
ICS-CERT, the US Industrial Control Systems Cyber Emergency Response Team, together with Japanese counterpart JPCERT, have coordinated with Rapid7 and Yokogawa to mitigate these vulnerabilities.
Yokogawa has created a patch to mitigate the reported vulnerabilities. Older versions of the CENTUM CS 3000 will also need to be updated to the latest version of R3.09.50 before installing the patch. Rapid7 also recommends upgrading the software and protecting access to engineering projects by making sure they can only be accessed remotely through VPN or gateway products.
- Full-bore ball control valve
- Small tubes, big impact
- Robotics & AI Industry Showcase
- The News From Catalonia
- Realtime Robotics extends relationship with Mitsubishi Electric
- Friends, robots, countrymen....
- Kawasaki Heavy Industries to expand production in China
- Hexagon inspection product compatibility
- Partnership to accelerate development of AI solutions for future mobility
- Next-generation ultracapacitors