SCADA Exploit: The dragon has awoken

The recently published exploit for Kingsview, software for visualizing process control in industrial plants, has produced its first results. Both the Chinese manufacturer Wellintech and the Chinese CERT (CN-CERT) have now responded, as Threatpost reported. The exploit allows a system to be taken over remotely.


In an email to Threatpost, CN-CERT admits having missed the first indications of the vulnerability, including those from US-CERT. Only in November of last year did it become aware of the vulnerability through a further email from US-CERT, and it then also rediscovered the first email from September. Apparently, CN-CERT temporarily lost track of its incoming mail because it receives thousands of emails daily.

In November, CN-CERT informed the manufacturer Wellintech, which allegedly provided a patch on 15 December, but without informing the CERT about it and apparently without offering the corrected version for download on its website. Meanwhile, however, a general error report has been added to CN-CERT's database, and the manufacturer must provide a patched library.

The discoverer of the Kingsview vulnerability, Dillon Beresford, complains in his blog, however, that neither the manufacturer nor CN-CERT is providing relevant information about the vulnerability, leaving customers in the dark about the risk.

CN-CERT wants to revise its processes so that in future no important emails slip through and contact with the manufacturer is maintained while a problem is being fixed. Hopefully CN-CERT gets this done quickly, because Beresford claims to have discovered vulnerabilities in other Chinese SCADA software solutions as well.