Industrial control: exploit to wake the sleeping Chinese dragon
KingView, an application for visualising process data in industrial control systems that is reported to be in widespread use in China, contains a critical vulnerability that can be used to compromise a system remotely, and an exploit for it has now been published. The vulnerability has similarities to Stuxnet, which also exploited vulnerabilities to penetrate SCADA systems.
According to Dillon Beresford, a security specialist at NSS Labs, WellinTech, the company behind KingView, was informed of the problem in September but has yet to respond. The vulnerable software is still available to download. Unresponsive vendors are not uncommon, but Beresford expresses particular surprise that the Chinese CERT (CN-CERT) has also failed to react, despite having also been informed of the vulnerability; receipt of his email has not even been acknowledged.
Beresford reports that CN-CERT also failed to react on being contacted by US-CERT. According to information provided by distributors, KingView is even used in the Chinese aerospace and national defence industries. On his blog, Beresford wonders aloud what CN-CERT does with its days. To try to wake the sleeping dragon, he elected to publish an exploit for the vulnerability. The code, written in Python, triggers a heap overflow and uses injected shellcode to open a shell on port 4444.