Original URL: http://www.theregister.co.uk/2011/06/17/china_factory_hack/

US reveals Stuxnet-style vuln in Chinese SCADA 'ware

Nothing must interrupt our supply of iPads and bras

By John Oates

Posted in Security, 17th June 2011 10:13 GMT

The US Department of Homeland Security is warning of holes in Chinese infrastructure software which could leave factories and power stations vulnerable to hack attacks.

The problems, similar to those suffered by Siemens in Iran, are within Sunway ForceControl 6.1 and pNetPower Version 6 - used to runcontrol systems for factories, power plants and other utilities.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Advisory warns that the hole could allow hackers to launch a denial of service attack or possible execution of arbitary code.

The software is mainly used in China but claims some customers in Europe, the Americas and Asia and Africa. There have been no known exploits of the vulnerability and attackers would need an intermediate level of skill to use it.

The problem was spotted by Dillon Beresford of NSS Labs.

There's more on the holes, and links to patches, in this pdf. ®