Vulnerability Management

Industrial control system vulnerabilties put power plants at risk


Researchers uncovered multiple vulnerabilities in a Japanese industrial control system that could allow hackers to execute arbitrary code, take screenshots of running projects or commandeer communications.

Originally released in 1998, the CENTUM CS 3000 R3, a Windows-based production control system, operates in power plants and chemical and petrochemical plants worldwide. More than 7,600 systems are potentially at-risk, including some that connect to the internet.

Rapid7 security experts alerted the control system's manufacturer, Yokogawa Electric Corporation, of the vulnerabilities late last year, and patches were released this past week.

In February, Sen. Tom Coburn, R-Okla., published a report detailing the U.S. government's oversights in critical infrastructure operations. He emphasized the lax protection of the country's infrastructure databases.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.