Multiple vulnerabilities have been identified in Sunway ForceControl and pNetPower SCADA/HMI applications. The reported vulnerabilities are heap-based buffer overflows that could result in a denial of service or the execution of arbitrary code. Sunway has issued two patches that address both vulnerabilities, and a security bulletin describing its response.
- Sunway ForceControl 6.1 (SP1, SP2, and SP3) and pNetPower Version 6.
An unauthenticated, remote attacker can exploit a heap overflow vulnerability to create a denial of service condition, execute arbitrary code on affected systems to gain remote control of the system, or cause it to crash.
Digital Bond has not released a Quickdraw IDS Signature for this vulnerability at this time.
Sunway has developed patches for both vulnerabilities, available at the Sunway website: http://www.eforcecon.com/download_view.asp?Nid=3594