Home -> Resources -> SCADA/ICS Vulnerability Reference -> Sunway ForceControl / pNetPower

Sunway ForceControl and pNetPower Multiple Security Vulnerabilities

September 22, 2011

Luigi Auriemma publically disclosed several vulnerability affecting various components of the Sunway ForceControl and pNetPower applications.

Sunway ForceControl and pNetPower is prone to multiple security vulnerabilities.  These vulnerabilities include:

1.  Stack Overflows (AngelServer, NetDBServer)
2.  Integer Overflows (WebServer, NetDBServer)
3.  Directory Traversal (WebServer)
4.  ActiveX Control Code Execution (YRWXls.ocx - Cell Software)
5.  Information Disclosure (NetServer)
6.  Denial of Service (AngelServer, NetDBServer)

Attackers can exploit these issues to execute arbitrary code in the context of the affected application, retrieve arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible.

Sunway ForceControl versions 6.1 sp3 and prior are vulnerable.

ICS-CERT Advisories / Alerts

ICS-ALERT-11-266-01

Vendor Website (include Patches / Hotfixes)

Sunway (Chinese / English)
ForceControl v6.1 (Chinese / English)

Exploit Proof-of-Concept

Exploit-DB ID 17885
Attackers can exploit the directory traversal vulnerability via a browser
Additional PoC links available in Disclosure Reference by Luigi Auriemma

Common Vulnerability & Exposure (CVE) References

Not available at this time.

Additional Information

Disclosure (Luigi Auriemma)
Exploit-DB ID 17885
IBM Internet Security Systems
Open-Source Vulnerability Database #75684
Secunia Advisory #46146
Security Focus Vulnerability Info and Exploit Bugtraq ID 49747

Sunway Facing Vulnerabilities (ISSSource)