We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

US warns of problems in Chinese SCADA software

Sunway ForceControl Technology has released patches for two vulnerabilities identified by the US CERT

Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued on Thursday by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

The vulnerabilities were found in two products from Sunway ForceControl Technology, a Beijing-based company that develops SCADA (supervisory control and data acquisition) software for a wide variety of industries, including defense, petrochemical, energy, water and manufacturing, the agency said.

Sunway's products are mostly used in China but also in Europe, the Americas, Asia and Africa, according to the agency's advisory.

The problems could cause a denial of service issue or remote code exploitation in Sunway's ForceControl 6.1 WebServer and its pNetPower AngelServer products. Both issues were found by Dillon Beresford, who works for the security testing company NSS Labs.

Sunway issued patches for the vulnerabilities on May 20 and thanked Beresford for his research in an advisory. ICS-CERT said there are no known exploits for the vulnerabilities, but computer security experts generally recommend patching software as soon as possible.

ICS-CERT added that its unlikely someone could create consistent exploit code for the two vulnerabilities, and that an attacker would need to have "intermediate" skills to exploit the problems.

SCADA software has come under increasing attention from security researchers, as the software has often not undergone rigorous security audits despite its use to manage critical infrastructure or manufacturing processes. SCADA systems are increasingly connected to the Internet, which has opened up the possibility of hackers remotely breaking into the systems.

Last year, researchers discovered a highly sophisticated worm called Stuxnet that was later found to target Siemens' WinCC industrial control software. Stuxnet is widely believed to have been created with the intention of disrupting Iran's uranium enrichment program.

Send news tips and comments to [email protected]


IDG UK Sites

Microsoft smartwatch release date, price and specs rumours: Launching within a few weeks

IDG UK Sites

Why you shouldn't buy the iPad mini 3: No wonder Apple gave it 10 seconds of stage time

IDG UK Sites

Halloween Photoshop tutorials: 13 masterclasses for horrifying art, designs and type

IDG UK Sites

Should I upgrade from Mavericks to OS X 10.10 Yosemite? What you need to know before updating to...