China Industrial Control Software Vulnerable To Trojan Attack
Bug could allow an attacker to take control of a widely used Chinese SCADA system by using a Stuxnet-type exploit.
January 13, 2011

Widely used Chinese control system software is at risk from a serious vulnerability that attackers could exploit to compromise industrial control environments.
The specific warning concerns KingView 6.53, a supervisory control and data acquisition (SCADA) application used throughout China. The software has a process heap overflow bug that an attacker could exploit to execute arbitrary code and take full control of the targeted system, said Dillon Beresford, a security researcher at NSS Labs, who detailed the vulnerability on his personal blog.
"This is not any old software," he said. "The vulnerability affects one of the most widely trusted and used supervisory control and data acquisition applications in China." Indeed, the KingView data visualization software is reportedly used throughout China's defense, aerospace, energy, and manufacturing sectors.
Beresford said he notified both the software vendor, Wellintech, and CN-CERT, China's computer emergency response team, about the vulnerability. Neither responded, and the vulnerable software remains available for download via Wellintech's Web site.
So on Sunday, he publicly released details about the vulnerability. "After waiting several months to see if Wellintech would quietly issue a patch to fix the security vulnerability, they didn't," he said. "My initial disclosure to the vendor contained enough pertinent information and the proof of concept code to trigger the bug and overwrite pointers in memory, thus allowing arbitrary code execution." Beresford also released his proof-of-concept attack code -- a TCP bind shell developed using the Metasploit Framework -- in standalone form and via the Exploit Database. The proof of concept only works against systems running Windows XP SP1. Even so, the clock is ticking to see what will happen first -- Wellintech patches its software, or zero-day attacks surface that exploit the vulnerability.
Of course, the KingView vulnerability raises the possibility that a Stuxnet-like Trojan application could be developed to exploit Chinese control environments. Stuxnet, notably, was apparently developed to disable Iranian nuclear enrichment facilities. Security experts suspect that the exploit's development team likely had government backing as well as a complete copy of the targeted production environment.
Chinese organizations rely heavily on homegrown SCADA software, and Beresford told Threatpost that he's also discovered bugs in other Chinese SCADA software, which he studies in his spare time. He said he's attempting to contact the vendors of the other affected products.