Sunway ForceControl SCADA 6.1 Structured Exception Handler (SEH) Vulnerability

August 26, 2011

Sunway ForceControl is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to execute arbitrary code on the affected device. Failed exploit attempts will result in a denial-of-service condition.

SCADAhacker comment:
There appear to be two different vulnerabilities, and confusion about the public exploits that have been disclosed. The original vulnerability was responsibly disclosed in May by Dillon Beresford (NSS Labs), while details of the second disclosure (August) are still unclear. Both affect the vulnerable v6.1 of the ForceControl SCADA package, and have been consolidated into a single report.

ICS-CERT Advisories / Alerts

ICS-ALERT-11-238-01A
ICS-ALERT-11-238-01
ICSA-11-167-01

Vendor Website (includes Patches / Hotfixes)

Sunway (Chinese / English)
ForceControl v6.1 (Chinese / English)
Sunwayland Security Advisory Page (Chinese / English) PATCH AVAILABLE

Exploit Proof-of-Concept

httpsrv.exe exploit - Security Focus
httpsrv.exe exploit - Packet Storm

Common Vulnerability & Exposure (CVE) References

CVE-2011-2960
CNVD-2011-05347 (Chinese / English)

Additional Information

Exploit-DB ID 17721
IBM Internet Security Systems ID 69426
Open-Source Vulnerability Database #75023
Open-Source Vulnerability Database #73124
Secunia Advisory #45033
Security Focus Vulnerability Info and Exploit Bugtraq ID 49346
Security Focus Vulnerability Info and Exploit Bugtraq ID 48328
Security Tracker Alert ID 1025672

Breach: More SCADA System Holes (ISSSource)