US Warns of Problems in Chinese SCADA Software

Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued on Thursday by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

The vulnerabilities were found in two products from Sunway ForceControl Technology, a Beijing-based company that develops SCADA (supervisory control and data acquisition) software for a wide variety of industries, including defense, petrochemical, energy, water and manufacturing, the agency said.

Sunway's products are mostly used in China but also in Europe, the Americas, Asia and Africa, according to the agency's advisory.

The problems could cause a denial of service issue or remote code exploitation in Sunway's ForceControl 6.1 WebServer and its pNetPower AngelServer products. Both issues were found by Dillon Beresford, who works for the security testing company NSS Labs.