Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Positive Technologies Helps Eliminate Vulnerabilities in Yokogawa’s Centum DCS

Security
By AIT News Desk

Natalia Tlyapova and Ivan Kurnakov, specialists from Positive Technologies’ ICS Security Division, have identified vulnerabilities in a component of the distributed control system (DCS) by the Japanese firm Yokogawa. This DCS is used by over 10 thousand enterprises in the oil and gas, chemical, and energy sectors, as well as by water services and firms across other industries.

The vulnerabilities were found in the Consolidated Alarm Management Software (CAMS) for HIS (Human Interface Station). This component is responsible for managing events and emergency messages in the industrial control system.

Recommended AI News: Freshworks Doubles Omnichannel Customer Support ARR in H1 2020

The first vulnerability (CVE-2020-5608, with the score of 8.1 on the CVSS v3.0 scale) involved a lack of authentication when communicating over a specialized protocol, making it possible for unauthenticated users to interact with the server.

Related Posts

From Innovation to Infiltration: The New Cyber Threat Landscape

Baffle Announces Vector Database Protection to Enhance Data Security for GenAI Applications

AiThority Interview with Jon Bratseth, CEO and co-founder of Vespa.ai

1 of 4,822

The second vulnerability (CVE-2020-5609, with the score of 8.1 on the CVSS v3.0 scale) made path traversal possible, opening up the opportunity to arbitrarily overwrite text files. These included regular files that happened to be saved on the same disk as the system, as well as files essential to the operation of the DCS (for example, configuration files). This violated the integrity of information stored on attacked hosts, and made the execution of arbitrary code possible.

Recommended AI News: SecurityMetrics Summit Brings New Ideas and Innovation to Data Security and Compliance

“CENTUM DCS is widely used by firms and enterprises around the world,” said Vladimir Nazarov, Head of ICS Security at Positive Technologies. “Vulnerabilities in industrial control systems (ICSs) are always dangerous and have the potential to extensively impact the operations of attacked firms. The ability to execute arbitrary code on the server of an industrial segment gives attackers vast opportunities for developing their attacks further.”

The vulnerabilities can be eliminated by installing the recommended updates released by the manufacturer. Cybersecurity incidents and ICS vulnerabilities can also be detected using Positive Technologies’ proprietary software products, PT Industrial Security Incident Manager (PT ISIM) and MaxPatrol 8.

Recommended AI News: Atari: Expansion of the Partnership With Animoca Brands

AIT News Desk

AIT News Desk is a trained group of web journalists and reporters who collect news from all over the technology landscape. The technical space includes advanced technologies related to AI, ML, ITops, Cloud Security, Privacy and Security, Cyberthreat intelligence, Space, Big data and Analytics, Blockchain and Crypto.
To connect, please write to AiT Analyst at news@martechseries.com.

You might also like More from author

Comments are closed, but trackbacks and pingbacks are open.