| Developers: | Yokogawa Electric Corporation |
| Date of the premiere of the system: | 1975 |
| Last Release Date: | 2020/08 |
| Technology: | APCS |
Centum is distributed control system (RSU, Distributed Control System, DCS) from Yokogawa company.
2020: Vulnerabilities in the CAMS for HIS component which is responsible for management of abnormal messages and events
Experts of department of security of industrial management systems of Positive Technologies Natalya Tlyapova and Ivan Kurnakov revealed vulnerabilities in a component of the distributed control system (DCS) of the Japanese company Yokogawa. Vulnerabilities were found in the CAMS for HIS component which is responsible for management of abnormal messages and events in a management system of an industrial facility reported on August 4, 2020 in Positive Technologies.
The first vulnerability (CVE-2020-5608 with assessment 8.1 on CVSS v3.0 scale) is connected with lack of authentication in interaction under the specialized protocol. It allows not authenticated user to interact with the server.
The second vulnerability (CVE-2020-5609 with assessment 8.1 on CVSS v3.0 scale) allows to execute an exit out of directory limits that leads to a possibility of rewriting of any text files — as being RSU, key for full-time job (for example, files of a configuration), and just the files which are stored on a disk with a system. Such opportunity can lead to violation of integrity of information which is stored on the attacked node and also accomplishment of any code.
 | "RSU CENTUM is widespread as at the Russian enterprises, and around the world. Existence of vulnerabilities in any APCS components is always dangerous and can negatively affect the normal mode of work of the enterprise in general. Gives the chance of accomplishment of any code on the server of an industrial segment to the malefactor ample opportunities for attack development further" — the head of the safety department of industrial management systems of Positive Technologies Vladimir Nazarov emphasized. |  |
For elimination of vulnerabilities it is necessary to set the updates recommended by the producer.
For August, 2020 a system more than 10 thousand enterprises petrogas chemical, power spheres use, water utilities and the companies of other industries.
1975: Development of RSU Centum
The Yokogawa company was one of the firms which developed the first distributed control system (RSU Centum) in 1975.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |