Sunway ForceControl SCADA HTTP Request Remote Buffer Overflow


Description   A vulnerability has been identified in Sunway ForceControl SCADA, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing overly long HTTP requests, which could allow remote unauthenticated attackers to execute arbitrary code.
     
Vulnerable Products   Vulnerable Software:
Sunway ForceControl version 6.1 SP3 and prior
     
Solution  
     
CVE  
     
References   http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-238-01.pdf
http://www.exploit-db.com/exploits/17721/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Possible buffer overflow on URL
3.2.0
     


 
 
 
 
 Risk level 
Critical 

 Vulnerability First Public Report Date 
2011-08-29 

 Target Type 
Server 

 Possible exploit 
Local & Remote