China Industrial Control Software Vulnerable To Trojan Attack

Published : 22/11/2024   Category : security




Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.



Widely used Chinese control system software is at risk from a serious vulnerability that attackers could exploit to compromise industrial control environments.
The specific warning concerns KingView 6.53, a supervisory control and data acquisition (SCADA) application used throughout China. The software has a process heap overflow bug that an attacker could exploit to execute arbitrary code and take full control of the targeted system, said Dillon Beresford, a security researcher at NSS Labs, who detailed the vulnerability on his personal blog.
"This is not any old software," he said. The vulnerability affects one of the most widely trusted and used supervisory control and data acquisition applications in China. Indeed, the KingView data visualization software is reportedly used throughout China's defense, aerospace, energy, and manufacturing sectors.
Beresford said he notified both the software vendor, Wellintech, and CN-CERT, China's computer emergency response team, about the vulnerability. Neither responded, and the vulnerable software remains available for download via Wellintech's Web site.
So on Sunday, he publicly released details about the vulnerability. "After waiting several months to see if Wellintech would quietly issue a patch to fix the security vulnerability, they didn't," he said. "My initial disclosure to the vendor contained enough pertinent information and the proof of concept code to trigger the bug and overwrite pointers in memory, thus allowing arbitrary code execution." Beresford also released his proof-of-concept attack code -- a TCP bind shell developed using the Metasploit Framework -- in standalone form and via the Exploit Database. The proof of concept only works against systems running Windows XP SP1. Even so, the clock is ticking to see what will happen first -- Wellintech patches its software, or zero-day attacks surface that exploit the vulnerability.
Of course, the KingView vulnerability raises the possibility that a Stuxnet-like Trojan application could be developed to exploit Chinese control environments. Stuxnet, notably, was apparently developed to disable Iranian nuclear enrichment facilities. Security experts suspect that the exploit's development team likely had government backing as well as a complete copy of the targeted production environment.
Chinese organizations rely heavily on homegrown SCADA software, and Beresford told Threatpost that he's also discovered bugs in other Chinese SCADA software, which he studies in his spare time. He said he's attempting to contact the vendors of the other affected products.
