Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Industrial control system vulnerability discovered

Rapid7 : 14 March, 2014  (Technical Article)
Rapid7 provides details of a SCADA vulnerability it has discovered which could have widespread effects on industrial control systems
Industrial control system vulnerability discovered

Rapid7 has disclosed a number of vulnerabilities in a Japanese industrial control system software, Windows-based production control system CENTUM CS 3000 R3 sold by Yokogawa Electric Corporation. Over 7600 of those systems for plant operation and monitoring have been sold worldwide, with Yokogawa's customers including power plants, chemical and petrochemical plants in Europe, the USA and Asia.

The vulnerabilities, if exploited, could allow execution of arbitrary code with user and system privileges. Hackers could also take screenshots to gather information about running projects or hijack SCADA communications.

During the research, Rapid7 found some CENTUM installations that were vulnerable and directly connected the Internet.

Rapid7's security experts warn that the vulnerabilities could affect any organisation running CENTUM CS3000 engineering projects. They recommend upgrading the software, and protecting access to engineering projects by making sure they can only be accessed remotely through VPN or gateway products.

Yokogawa was alerted to the vulnerabilities in December 2013, and has started to publish patches on 7 March.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo