The Centum CS 3000 software used to run oil rigs, refiners and power plants has several bugs that make it vulnerable to hacker attacks, warned the Department of Homeland Security. Roughly 7,600 plants globally are at risk. The software maker, Yokogawa, is in the process of contacting customers who might need to apply a patch to their system.
The discovery of bugs in software used to run oil rigs, refineries and power plants has prompted a global push to patch the widely used control system.
The bugs were found by security researchers and, if exploited, could give attackers remote access to control systems for the installations.
About 7,600 plants around the world are using the vulnerable software.
“We went from zero to total compromise,” said Juan Vazquez, a researcher at security firm Rapid7 who, with colleague Julian Diaz, found several holes in Yokogawa’s Centum CS 3000 software.
“If you are able to exploit the vulnerabilities we have identified you get control of the Human Interface Station,” said Mr Diaz. “That’s where the operator sits or stands and monitors operational details.”
“If you have control of that station as an attacker you have the same level of control as someone standing on the plant floor wearing a security badge,” he said.
View Full Article in: http://www.bbc.comView Graybar’s industrial network security solutions.