Yokogawa CENTUM CS 3000 Vulnerabilities (Update A)
Act Now | ICS-CERT ICSA-14-070-01A | Dec 12, 2014
Summary
Yokogawa CENTUM CS 3000 distributed control system (DCS) versions R3.09.50 and earlier contain buffer overflow vulnerabilities (CWE-122, CWE-121) that allow remote code execution. These vulnerabilities affect the core process control platform used in petrochemical, power, and water treatment plants.
What this means
What could happen
An attacker who reaches the CENTUM CS 3000 system could run arbitrary commands on the engineering workstation or server, potentially modifying process parameters, stopping production, or hijacking control of safety-critical operations.
Who's at risk
Water treatment authorities, municipal electric utilities, and petrochemical operators using Yokogawa CENTUM CS 3000 are affected. This includes any facility relying on this DCS for process control, especially those managing critical infrastructure like water distribution, power generation, or chemical processing.
How it could be exploited
An attacker with network access to the CENTUM CS 3000 engineering workstation or server could send a specially crafted packet or message that triggers a buffer overflow in the affected software components (CWE-122, CWE-121), allowing them to execute code with the privileges of the running process.
Prerequisites
- Network access to CENTUM CS 3000 engineering workstation or server (typically on the control system LAN or a connected corporate network)
- No authentication required to trigger the buffer overflow
- Remotely exploitable
- No authentication required
- Low complexity exploitation (buffer overflow)
- No patch available
- High EPSS score (39.8%)
- Affects safety-critical process control systems
Exploitability
High exploit probability (EPSS 39.8%)
Affected products (1)
Product | Affected Versions | Fix Status
CENTUM CS 3000 | ≤ R3.09.50 | No fix yet
Remediation & Mitigation
Do now
- HARDENING: Isolate CENTUM CS 3000 systems on a dedicated control network segment with strict firewall rules to limit inbound access to engineering workstations and operator consoles only
- HARDENING: Monitor network traffic to and from CENTUM CS 3000 for signs of exploitation attempts; block any unexpected inbound connections
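The following is an added example, not part of the advisory or of any Yokogawa tooling, showing one way to check firewall flow logs for inbound connections to the DCS segment from sources other than engineering workstations and operator consoles. The subnets, port numbers, log format and function names are constructed assumptions; substitute your own addressing plan and log export.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the advisory).
DCS_HOSTS = ipaddress.ip_network("10.10.20.0/28")
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.10.20.0/28"),  # DCS hosts talking to each other
    ipaddress.ip_network("10.10.21.0/29"),  # engineering workstations
    ipaddress.ip_network("10.10.22.0/28"),  # operator consoles
]

# Constructed firewall flow log: time src dst proto dport action
SAMPLE_LOG = """\
2014-12-12T08:00:01Z 10.10.21.3 10.10.20.5 tcp 40001 ALLOW
2014-12-12T08:00:07Z 10.10.22.9 10.10.20.5 tcp 40001 ALLOW
2014-12-12T08:01:15Z 192.168.50.44 10.10.20.5 tcp 40001 DENY
2014-12-12T08:01:16Z 192.168.50.44 10.10.20.6 udp 40002 ALLOW
2014-12-12T08:02:00Z 10.10.20.5 192.168.50.44 tcp 443 ALLOW
garbled line from a truncated export
"""

def parse_flow(line):
    """Return a flow dict, or None if the line is not a well-formed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "proto": proto,
                "dport": int(dport), "action": action.upper()}
    except ValueError:
        return None

def unexpected_inbound(log_text):
    """Flag flows into the DCS segment from sources outside the allowlist."""
    findings, skipped = [], 0
    for line in filter(str.strip, log_text.splitlines()):
        flow = parse_flow(line)
        if flow is None:
            skipped += 1  # count unparseable lines so gaps in coverage are visible
            continue
        if flow["dst"] not in DCS_HOSTS:
            continue  # outbound or unrelated traffic
        if any(flow["src"] in net for net in ALLOWED_SOURCES):
            continue
        # ALLOW means the firewall let it through: a rule gap, not just a probe.
        severity = "rule-gap" if flow["action"] == "ALLOW" else "blocked-attempt"
        findings.append((severity, str(flow["src"]), str(flow["dst"]), flow["dport"]))
    return findings, skipped
```

A `rule-gap` finding means the segment's firewall policy does not match the intended allowlist and should be corrected; a non-zero skipped count means part of the log was not evaluated.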
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact Yokogawa to request a patch or security update for CENTUM CS 3000 R3.09.50; if unavailable, plan migration to a newer version or alternative DCS
Long-term hardening
- HARDENING: Implement air-gap or VPN-based access controls so engineering changes can only occur from trusted, isolated workstations