Strategy, Vulnerability management

Industrial control system vulnerabilties put power plants at risk

March 14, 2014

Researchers uncovered multiple vulnerabilities in a Japanese industrial control system that could allow hackers to execute arbitrary code, take screenshots of running projects or commandeer communications.

Originally released in 1998, the CENTUM CS 3000 R3, a Windows-based production control system, operates in power plants and chemical and petrochemical plants worldwide. More than 7,600 systems are potentially at-risk, including some that connect to the internet.

Rapid7 security experts alerted the control system's manufacturer, Yokogawa Electric Corporation, of the vulnerabilities late last year, and patches were released this past week.

In February, Sen. Tom Coburn, R-Okla., published a report detailing the U.S. government's oversights in critical infrastructure operations. He emphasized the lax protection of the country's infrastructure databases.

prestitial ad