Positive Technologies helps eliminate vulnerabilities in Yokogawa's CENTUM DCS (distributed control system)

Natalia Tlyapova and Ivan Kurnakov, specialists from Positive Technologies' ICS Security Division, have identified vulnerabilities in a component of the distributed control system (DCS) by the Japanese firm Yokogawa. This DCS is used by over 10 thousand enterprises in the oil and gas, chemical, and energy sectors, as well as by water services and firms across other industries.

The vulnerabilities were found in the Consolidated Alarm Management Software (CAMS) for HIS (Human Interface Station). This component is responsible for managing events and emergency messages in the industrial control system.

The first vulnerability (CVE-2020-5608, with the score of 8.1 on the CVSS v3.0 scale) involved a lack of authentication when communicating over a specialized protocol, making it possible for unauthenticated users to interact with the server.

The second vulnerability (CVE-2020-5609, with the score of 8.1 on the CVSS v3.0 scale) made path traversal possible, opening up the opportunity to arbitrarily overwrite text files. These included regular files that happened to be saved on the same disk as the system, as well as files essential to the operation of the DCS (for example, configuration files). This violated the integrity of information stored on attacked hosts, and made the execution of arbitrary code possible.

"CENTUM DCS is widely used by firms and enterprises around the world. Vulnerabilities in industrial control systems (ICSs) are always dangerous and have the potential to extensively impact the operations of attacked firms. The ability to execute arbitrary code on the server of an industrial segment gives attackers vast opportunities for developing their attacks further," explains Vladimir Nazarov, Head of ICS Security at Positive Technologies.

The vulnerabilities can be eliminated by installing the recommended updates released by the manufacturer. Cybersecurity incidents and ICS vulnerabilities can also be detected using Positive Technologies' proprietary software products, PT Industrial Security Incident Manager (PT ISIM) and MaxPatrol 8.