Security flaws could give hackers control of power plants and oil rigs

Power plants, oil rigs and refineries could be at risk from hackers, new research shows, as there are vital bugs in their software that could allow an outsider to gain remote access.

Around the world about 7,600 plants are using the vulnerable software that could allow an attacker with the "lowest skill in hacking" to exploit them.

See: State-sponsored hacks targeting journalists

The software, named Centum CS 3000, was first released to run on Windows 98 and is used to monitor and control the heavy machinery in many of the globe's large industrial installations.

"We went from zero to total compromise," Juan Vasquez, from security firm Rapid7, told the BBC.

"If you have control of that station as an attacker you have the same level of control as someone standing on the plant floor wearing a security badge," added his colleague Julian Diaz who aided in the discovery.

Rapid7's discovery has caused the Computer Emergency Response Team (CERT) of the US Homeland Security Department to issue an alert about the vulnerabilities.

Yokogawa, the designer of the software, has said that not all users of Centum CS 3000 need to apply patches immediately, and that it depends on how their systems are connected externally.

CERT teams in a number of countries have been spreading the alerts, though the UK's new team refused to comment on the issue.

Though the threat the bugs posed had been proven in laboratory conditions, Vasquez impressed, there was no evidence that online attackers are actively seeking to abuse them.

Related: The cyber-crime industry could be bigger than Google, Apple and Facebook

If anyone did gain access to a large piece of machinery, he added, they would probably be thwarted by a lack of knowledge on how to operate the complex systems.

Mark O'Neill, also speaking to the BBC, disagreed: "Security through obscurity is really no security at all," he said, before adding that it might be some time before the software can be patched or replaced, due to the ancient code that industrial equipment runs..