Security researcher Dillon Beresford uncovered two SCADA (supervisory control and data acquisition) vulnerabilities that would allow denial-of-service attacks and remote code execution.
security researcher discovered several vulnerabilities in industrial control
systems software from China that can be exploited remotely.
vulnerabilities can be used to knock out or take over SCADA (supervisory control
and data acquisition) systems from Chinese firm Sunway ForceControl Technology,
the U.S. Department of Homeland Security's Industrial
Control Systems Cyber-Emergency Response Team
said June 14 in its security advisory.
The heap overflow vulnerabilities were discovered in Sunway's Force Control and
pNetPower products by NSS Labs
researcher Dillon Beresford.
has patched both holes and released software updates for affected systems.
ICS-CERT coordinated with Beresford, the China National Vulnerability Database
and Sunway to resolve the problem.
successful exploitation of these vulnerabilities "can result in adverse
application conditions and ultimately impact the production environment on
which the SCADA system is used," said the ICS-CERT advisory.
security bugs affect the Web server components in Force Control version 6.1 and
pNetPower version 6, according to Beresford. The vulnerabilities could be used
by a remote attacker to perform a denial-of-service attack on systems running
the affected programs and knock it offline, according to the ICS-CERT bulletin.
They could also run malicious code against the applications.
Control and pNetPower are widely used in Europe and the Americas to control
critical infrastructure in the petroleum production, petrochemical, defense,
transportation, water, manufacturing and energy industries. Sunway systems are
also widely used in China to run weapons systems, utilities and chemical
plants. If attackers launch a denial-of-service attack, the networks that
control, for example, a petroleum pipeline or other sensitive systems would effectively
be shut down, according to the bulletin.
has uncovered a number of security
in the SCADA systems recently, including issues in the
Siemens Step 7 controllers. China's
is extremely vulnerable to cyber-attack, Beresford found,
with multiple issues in its systems that can be exploited by cyber-criminals.
vulnerabilities are particularly worrying because the Stuxnet worm that
targeted nuclear facilities in Iran exploited vulnerabilities in Siemens' SCADA
software. Stuxnet hijacked the control and behavior of programmable logic
controller devices that handled nuclear material centrifuges and other systems
in the nuclear plant.
systems are notoriously insecure because they were originally designed to
operate on an "isolated network," Avishai Wool, CTO of AlgoSec, told eWEEK.
Attackers originally had to first gain physical access to the systems in order
to attack critical infrastructure. Hacking SCADA systems also required a lot of
technical know-how and proper equipment, according to Wool.
offered security by obscurity," Wool said.
that many SCADA systems are connected to the Internet and others are connected
to broader IT industrial networks, the systems are vulnerable because they
can't differentiate between legitimate and malicious requests. In addition,
there is no built-in authentication process to protect the session from being
hijacked. SCADA was not designed with any security features at all, according
industry should replace the "overly simplistic protocols" with ones that
provide authentication, access control, audit and encryption, Wool said. But
until then, IT departments should implement sniffing, scanning, filtering,
firewalls and networking intrusion detection systems to protect critical
potential impact "depends on many factors that are unique to each
organization," ICS-CERT said in its advisory. Even though there are no known
exploits for the two issues currently in the wild and an attacker would need to
have "intermediate" skills to create consistent exploit code, security issues
should be patched as soon as possible.
overflow issues are a specific type of buffer overflow bugs that affect memory
that is dynamically allocated when a software application is running. Attackers
can exploit the problem to corrupt the heap data to change how the application
runs and force it to execute malicious code or crash.