Yokogawa CENTUM CS 3000 Vulnerabilities (Update A)

ICS-CERT ICSA-14-070-01A, Dec 12, 2014
Yokogawa
Summary

Yokogawa CENTUM CS 3000 versions R3.09.50 and earlier contain buffer overflow vulnerabilities (CWE-122, CWE-121) that could allow remote code execution without authentication. No patch is available from the vendor.

What this means
What could happen
Buffer overflow vulnerabilities in CENTUM CS 3000 could allow an attacker to execute arbitrary code on the system, potentially disrupting process control, alarming, or data logging functions in your refinery or chemical plant.
Who's at risk
Operators of Yokogawa CENTUM CS 3000 distributed control systems in refining, petrochemical, power generation, and water treatment facilities should prioritize defensive measures, as there is no vendor patch available.
How it could be exploited
An attacker with network access to CENTUM CS 3000 could send specially crafted input to vulnerable components to trigger a buffer overflow and gain code execution on the control system.
Prerequisites
  • Network access to CENTUM CS 3000 system
  • No authentication required
Tags: remotely exploitable, no authentication required, no patch available, low complexity
Exploitability
Likely to be exploited — EPSS score 39.8%
Metasploit module available — weaponized exploit
Affected products (1)
Product          Affected Versions   Fix Status
CENTUM CS 3000   ≤ R3.09.50          No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Isolate CENTUM CS 3000 systems from untrusted networks using a firewall or network segmentation; permit only authorized engineering workstations and supervisory systems to communicate with the control server.
WORKAROUND: Disable remote access to CENTUM CS 3000 unless absolutely required for operations; if remote access is necessary, require multi-factor authentication and use a VPN or jump host.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement network monitoring to detect unusual traffic patterns or connection attempts to CENTUM CS 3000.
HOTFIX: Contact Yokogawa directly to identify whether newer versions of CENTUM CS 3000 or successor products are available with security improvements.
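One way to operationalize the allowlist and monitoring guidance above, as an added example that is not OTPulse's or Yokogawa's code: a small Python check that flags flow records targeting CENTUM CS 3000 hosts from sources outside the OT network or not on the authorized-peer list. All addresses, the OT subnet and the flow records are constructed placeholders.

```python
"""Allowlist check for connections to CENTUM CS 3000 hosts.

Added example, not OTPulse or Yokogawa code. The control server
addresses, the allowlisted engineering/supervisory peers, the OT
subnet and the flow records are all constructed placeholders.
"""
import ipaddress

# Hypothetical placeholder addressing for the demo.
CENTUM_HOSTS = {"10.10.1.10", "10.10.1.11"}                # CENTUM CS 3000 servers
ALLOWED_PEERS = {"10.10.1.20", "10.10.1.21", "10.10.2.5"}  # EWS + supervisory hosts
OT_NETWORK = ipaddress.ip_network("10.10.0.0/16")           # the segmented OT network


def parse_flow(line):
    """Parse one constructed flow record of the form '<src> <dst>'."""
    src, dst = line.split()
    return {"src": src, "dst": dst}


def classify_flow(flow):
    """Return None if the flow is permitted, else a reason string.

    Only traffic *to* a CENTUM host is policed: the advisory's mitigation
    is to permit only authorized EWS/supervisory peers to reach it.
    """
    if flow["dst"] not in CENTUM_HOSTS:
        return None
    if ipaddress.ip_address(flow["src"]) not in OT_NETWORK:
        return "source outside OT network"
    if flow["src"] not in ALLOWED_PEERS:
        return "source not an authorized peer"
    return None


def find_violations(lines):
    """Run classify_flow over raw flow lines; return (line, reason) pairs."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        reason = classify_flow(parse_flow(line))
        if reason:
            alerts.append((line, reason))
    return alerts


# Constructed sample flow records: authorized EWS, supervisory host,
# an unlisted OT host, an IT-side host, and traffic to a non-CENTUM host.
SAMPLE_FLOWS = """
# src dst
10.10.1.20 10.10.1.10
10.10.2.5 10.10.1.11
10.10.3.44 10.10.1.10
192.168.50.9 10.10.1.10
10.10.1.20 10.10.9.9
""".splitlines()

if __name__ == "__main__":
    for line, reason in find_violations(SAMPLE_FLOWS):
        print(f"ALERT: {reason}: {line}")
```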

Yokogawa CENTUM CS 3000 Vulnerabilities (Update A) - OTPulse