Vulnerable Software Popular in China

Friday, January 14, 2011 @ 03:01 PM gHale

KingView, the software that is the subject of a security warning, is a very popular supervisory control and data acquisition (SCADA) package in China.

It competes against some of the more popular and pricier SCADA software packages, such as Intellution and Wonderware.

The software is a lower-priced option and is popular in China, particularly in factory automation.

The warning concerns KingView 6.53. The software has a process heap overflow bug that an attacker could exploit to execute arbitrary code and take full control of the targeted system, said Dillon Beresford, a security researcher at NSS Labs, who detailed the vulnerability on his personal blog.

This vulnerability affects one of the most widely trusted and used supervisory control and data acquisition applications in China, Beresford said. The KingView data visualization software sees use throughout China’s defense, aerospace, energy, and manufacturing sectors, according to reports.

Beresford said he notified the software vendor, Wellintech, and CN-CERT, China’s computer emergency response team, about the vulnerability. Neither responded, and the vulnerable software remains available for download via Wellintech’s Web site.

After hearing no word, he released details about the vulnerability.
