Sunway ForceControl and pNetPower Heap Overflow Vulnerabilities

Vulnerability

Multiple vulnerabilities have been identified in Sunway ForceControl and pNetPower SCADA/HMI applications. The reported vulnerabilities are heap-based buffer overflows that could result in a denial of service or the execution of arbitrary code. Sunway has issued two patches that address both vulnerabilities. Sunway has issued a security bulletin describing their response.

Affected Systems

  • Sunway ForceControl 6.1 (SP1, SP2, and SP3) and pNetPower Version 6.

Impact

An unauthenticated, remote attacker can exploit a heap overflow vulnerability to create a denial of service condition, execute arbitrary code on affected systems to gain remote control of the system, or cause it to crash.

Detection

Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.

Remediation

Sunway has developed patches for both vulnerabilities, available at the Sunway website: http://www.eforcecon.com/download_view.asp?Nid=3594

External Links

ICSA-11-167-01—HEAP OVERFLOW VULNERABILITIES IN SUNWAY FORCECONTROL AND PNETPOWER