SCADA exploit - the dragon awakes
The recent publication of an exploit for KingView, a software package for visualising industrial process control systems, appears to be having an effect. Threatpost reports that both the Chinese vendor Wellintech and Chinese CERT (CN-CERT) have now reacted. The exploit can be used to remotely gain control of a system.
In an email to Threatpost, CN-CERT admits that it was caught napping when initially notified of the vulnerability by both the developer and US-CERT. It was not until November that a further email from US-CERT alerted it to the presence of the vulnerability and led it to rediscover the earlier emails sent in September. CN-CERT appears to have been having problems keeping on top of its inbox – it receives thousands of emails per day.
In November, CN-CERT informed the vendor Wellintech, which is reported to have released a patch on 15th December – without, however, informing CN-CERT of the fact and apparently without updating the version available to download from its web site. A general bug report has now found its way into CN-CERT's database and the vendor has released a patched library.
Dillon Beresford, who discovered the KingView vulnerabilities, complains on his blog that neither the vendor nor CN-CERT has provided any details of the vulnerability, thereby leaving customers in the dark over the risks it presents.
CN-CERT is now planning to review its procedures to ensure that it does not miss such emails in future and to ensure better contact with vendors while problems are being resolved. It is to be hoped that CN-CERT will be quick to put this into action, as Beresford claims to have discovered further vulnerabilities in Chinese SCADA software packages.