Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued on Thursday by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Two vulnerabilities found in industrial control system software made in China but used worldwide could be remotely exploited by attackers, according to a warning issued on Thursday by the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).The vulnerabilities were found in two products from Sunway ForceControl Technology, a Beijing-based company that develops SCADA (supervisory control and data acquisition) software for a wide variety of industries, including defense, petrochemical, energy, water and manufacturing, the agency said. Sunway’s products are mostly used in China but also in Europe, the Americas, Asia and Africa, according to the agency’s advisory.The problems could cause a denial of service issue or remote code exploitation in Sunway’s ForceControl 6.1 WebServer and its pNetPower AngelServer products. Both issues were found by Dillon Beresford, who works for the security testing company NSS Labs. Sunway issued patches for the vulnerabilities on May 20 and thanked Beresford for his research in an advisory. ICS-CERT said there are no known exploits for the vulnerabilities, but computer security experts generally recommend patching software as soon as possible.ICS-CERT added that its unlikely someone could create consistent exploit code for the two vulnerabilities, and that an attacker would need to have “intermediate” skills to exploit the problems. SCADA software has come under increasing attention from security researchers, as the software has often not undergone rigorous security audits despite its use to manage critical infrastructure or manufacturing processes. SCADA systems are increasingly connected to the Internet, which has opened up the possibility of hackers remotely breaking into the systems.Last year, researchers discovered a highly sophisticated worm called Stuxnet that was later found to target Siemens’ WinCC industrial control software. Stuxnet is widely believed to have been created with the intention of disrupting Iran’s uranium enrichment program.Send news tips and comments to jeremy_kirk@idg.com Related content news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Budget Pricing news US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks Cyber insurance claims frequency increased by 12% in the first half of 2023 while claims severity increased by 42% with an average loss amount of more than $115,000. By Michael Hill Sep 20, 2023 3 mins Insurance Industry Risk Management news Intel Trust Authority attestation services now in general availability Formerly known as Project Amber, Intel’s attestation services support confidential computing deployments. By Michael Nadeau Sep 20, 2023 3 mins Zero Trust Security Hardware news Venafi taps generative AI to streamline machine identity management Venafi’s Athena, based on a new large language model (LLM), offers users a natural language interface and provides developers with automated code generation for important integrations. By Shweta Sharma Sep 20, 2023 6 mins Generative AI Identity Management Solutions Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe