China syndromeDHS warns of critical vulnerabilities in Chinese software
Last week DHS warned that control software widely used in China’s weapons systems, utilities, and chemical plants has dangerous weaknesses that leave it open to hackers; the warning, issued by the DHS Industrial Control Systems Cyber Emergency Response Team (ISC-CERT), stems from critical vulnerabilities found in SCADA software developed by Beijing’s Sunway ForceControl Technology
Last week DHS warned that control software widely used in China’s weapons systems, utilities, and chemical plants has dangerous weaknesses that leave it open to hackers.
The warning, issued by the DHS Industrial Control Systems Cyber Emergency Response Team (ISC-CERT), stems from critical vulnerabilities found in SCADA software developed by Beijing’s Sunway ForceControl Technology.
SCADA (Supervisory Control and Data Acquisition) softwareis used to control complex automated processes in nearly every industry including pharmaceutical manufacturing, electrical grids, oil pipelines, and nuclear power plants.
“Successful exploitation of these vulnerabilities could allow an attacker to perform a remote denial of service or to remotely execute arbitrary code against the ForceControl and pNetPower server applications,” said the DHS advisory. “This action can result in adverse application conditions and ultimately impact the production environment on which the SCADA system is used.”
The Stuxnet virus has put nations on high alert against potential vulnerabilities in SCADA software, as the virus targeted the SCADA control system controlling centrifuges at an Iranian nuclear enrichment facility causing them to spin out of controland damaging the facility.
DHS researchers worked with Sunway and the China National Vulnerability Database (CNVB) to address the vulnerabilities and Sunway has issued to software patches that correct the problem.
