The U.S. CERT has issued a security advisory firms using industrial control systems software from the Chinese firm Sunway in the U.S. after a researcher discovered remotely exploitable holes that could be used to knock out or take control systems running the company’s software. The ICS-CERT, the Computer Emergency Readiness Team for the industrial control sector, issued an advisory on June 14 after heap overflow vulnerabilities were discovered in Sunway’s Force Control and pNetPower products by NSS Labs researcher Dillon Beresford.
via Critical Infrastructure Vulnerable to Holes in Chinese SCADA Software | threatpost.