We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

US warns of problems in Chinese SCADA software

Sunway ForceControl Technology has released patches for two vulnerabilities identified by the US CERT

Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued on Thursday by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

The vulnerabilities were found in two products from Sunway ForceControl Technology, a Beijing-based company that develops SCADA (supervisory control and data acquisition) software for a wide variety of industries, including defense, petrochemical, energy, water and manufacturing, the agency said.

Sunway's products are mostly used in China but also in Europe, the Americas, Asia and Africa, according to the agency's advisory.

The problems could cause a denial of service issue or remote code exploitation in Sunway's ForceControl 6.1 WebServer and its pNetPower AngelServer products. Both issues were found by Dillon Beresford, who works for the security testing company NSS Labs.

Sunway issued patches for the vulnerabilities on May 20 and thanked Beresford for his research in an advisory. ICS-CERT said there are no known exploits for the vulnerabilities, but computer security experts generally recommend patching software as soon as possible.

ICS-CERT added that its unlikely someone could create consistent exploit code for the two vulnerabilities, and that an attacker would need to have "intermediate" skills to exploit the problems.

SCADA software has come under increasing attention from security researchers, as the software has often not undergone rigorous security audits despite its use to manage critical infrastructure or manufacturing processes. SCADA systems are increasingly connected to the Internet, which has opened up the possibility of hackers remotely breaking into the systems.

Last year, researchers discovered a highly sophisticated worm called Stuxnet that was later found to target Siemens' WinCC industrial control software. Stuxnet is widely believed to have been created with the intention of disrupting Iran's uranium enrichment program.

Send news tips and comments to [email protected]


IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model