One of the most widely used SCADA (supervisory control and data acquisition) applications in China may be harboring a critical security vulnerability that could allow an attacker to exploit the bug
and execute arbitrary code.
The hole was discovered in an application produced by Wellintech, a Beijing based professional automation software company, according to Dillon Beresford, a security researcher at NSS Labs. Beresford wrote about the hole on his blog.
The hole is in the KingView Software, industrial automation software. That software is widely used within China and a vulnerable version of the software is available for download from Wellintech’s site, he said.
After he found the hole in September, Beresford informed Wellintech and CN-CERT, China’s national Computer Emergency Response Team, but hasn’t heard back from either. He said he is not aware of any patches or other remediation efforts to address the issue to date. Inquiries by the researcher to US-CERT suggested that no action had been taken on the vulnerability.
Threatpost requests for comment from Wellintech and US-CERT were not returned prior to publication.
Beresford
wrote a TCP bind shell script using The Metasploit Framework that is capable of exploiting the
vulnerability. That script has been submitted to Exploit-DB, an archive of exploits and
vulnerable software.
The security of SCADA and industrial control systems has become an area of widespread concern since the discovery of the Stuxnet worm in 2010. That worm, which targeted programmable logic controllers by Siemens Inc. is widely believed to have targeted uranium enrichment facilities in Iran, but spread to other countries, as well, including India. By addressing this vulnerability, China and Wellintech could
be potentially curbing the risk of a Stuxnet
or Aurora
type mishap.
