Sunway ForceControl SCADA 6.1 Structured Exception Handler (SEH) Vulnerability
August 26, 2011
Sunway ForceControl is prone to multiple heap-based
buffer-overflow vulnerabilities because the application
fails to perform adequate boundary checks on user-supplied
data.
Attackers can exploit these issues to execute arbitrary code
on the affected device. Failed exploit attempts will result
in a denial-of-service condition.
SCADAhacker comment:
There appear to be two different vulnerabilities, and
confusion over the public exploits that have been disclosed.
The original vulnerability was responsibly disclosed in May
by Dillon Beresford (NSS Labs), while details of the second
disclosure (August) are still unclear. Both affect the
vulnerable v6.1 of the ForceControl SCADA package, and have
been consolidated into a single report.