China SCADA Software Vulnerabilities

Thursday, January 13, 2011 @ 08:01 PM gHale

Software vulnerabilities are everywhere, so learning today there is an application that is an open target in China really comes as no surprise.

This warning concerns KingView 6.53, a supervisory control and data acquisition (SCADA) application used throughout China. The software has a process heap overflow bug an attacker could exploit to execute arbitrary code and take full control of the targeted system, said Dillon Beresford, a security researcher at NSS Labs, who detailed the vulnerability on his personal blog.

This vulnerability affects one of the most widely trusted and used supervisory control and data acquisition applications in China, Beresford said. The KingView data visualization software sees use throughout China’s defense, aerospace, energy, and manufacturing sectors, according to reports.

Beresford said he notified the software vendor, Wellintech, and CN-CERT, China’s computer emergency response team, about the vulnerability. Neither responded, and the vulnerable software remains available for download via Wellintech’s Web site.

After hearing no word, he released details about the vulnerability.

Leave a Reply

You must be logged in to post a comment.