OTPulse

Sunway Force Control

Act Now | 9.8 | ICS-CERT ICSA-11-167-01 | Mar 19, 2011
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Sunway ForceControl and pNetPower contain a buffer overflow vulnerability (CWE-119) in network communication handling that allows remote code execution. The vulnerability affects versions 6.1 (SP1, SP2, SP3) of ForceControl and version 6 of pNetPower. No vendor fix is available for either product.

What this means
What could happen
An attacker could execute arbitrary code on ForceControl or pNetPower systems, potentially allowing them to modify process parameters, halt operations, or manipulate data in energy generation or distribution systems.
Who's at risk
Energy sector organizations using Sunway ForceControl (version 6.1 SP1/SP2/SP3) or pNetPower (version 6) for power generation, distribution automation, or industrial process control. This includes utilities managing SCADA systems, RTUs, and control servers in electric generation and transmission facilities.
How it could be exploited
An attacker with network access to the ForceControl or pNetPower server would send a specially crafted network packet designed to overflow a buffer in the communication handler, allowing injection of arbitrary code that executes with system privileges.
Prerequisites
  • Network access to ForceControl or pNetPower server (typically port 502 or proprietary control ports)
  • No authentication required
Tags: remotely exploitable, no authentication required, low complexity, high EPSS score (33.7%), no patch available, affects energy sector control systems
Exploitability
High exploit probability (EPSS 33.7%)
Affected products (2)
2 EOL
Product               Affected Versions      Fix Status
pNetPower             6                      No fix (EOL)
Sunway ForceControl   6.1 (SP1, SP2, SP3)    No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation to isolate ForceControl and pNetPower systems from untrusted networks, using air-gapping or strict firewall rules that only allow connections from authorized engineering workstations and control centers
  • HARDENING: Deploy intrusion detection/prevention systems (IDS/IPS) configured to detect and block malformed network packets targeting ForceControl and pNetPower ports
  • HARDENING: Monitor network traffic to ForceControl and pNetPower systems for unauthorized connection attempts
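The monitoring and allowlisting controls above can be checked against firewall flow logs. The following is an added example, not part of the advisory or any vendor tooling; the server addresses, authorized networks, log format and sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing for illustration; substitute the site's real values.
PROTECTED_SERVERS = {"10.20.0.10", "10.20.0.11"}  # ForceControl / pNetPower hosts
AUTHORIZED_SOURCES = [ipaddress.ip_network(n) for n in
                      ("10.20.1.0/28", "10.20.2.5/32")]  # eng. workstations, control center

# Constructed flow records "timestamp src dst dport action"; 2001 is a made-up proprietary port.
SAMPLE_FLOWS = """\
2024-01-01T08:00:01Z 10.20.1.4 10.20.0.10 502 ALLOW
2024-01-01T08:03:12Z 192.168.50.23 10.20.0.10 502 DENY
2024-01-01T08:03:13Z 192.168.50.23 10.20.0.10 2001 DENY
2024-01-01T08:04:40Z 10.20.1.200 10.20.0.11 502 ALLOW
2024-01-01T08:05:00Z 10.20.1.4 10.30.0.9 443 ALLOW
garbage line
"""

def is_authorized(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in AUTHORIZED_SOURCES)

def find_unauthorized(flow_text):
    """Map each unauthorized source to attempts, ports touched and allowed count."""
    findings = defaultdict(lambda: {"attempts": 0, "ports": set(), "allowed": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed record
        _, src, dst, dport, action = parts
        if dst not in PROTECTED_SERVERS:
            continue  # not a protected control server
        try:
            if is_authorized(src):
                continue
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        entry = findings[src]
        entry["attempts"] += 1
        entry["ports"].add(port)
        if action == "ALLOW":
            entry["allowed"] += 1  # traffic reached the server: firewall rule gap
    return dict(findings)

if __name__ == "__main__":
    for src, f in sorted(find_unauthorized(SAMPLE_FLOWS).items()):
        level = "CRITICAL (reached server)" if f["allowed"] else "warning (blocked)"
        print(f"{level}: {src} attempts={f['attempts']} ports={sorted(f['ports'])}")
```

A source that is outside the allowlist but still logged as ALLOW indicates that the segmentation rules are broader than intended and should be tightened before relying on them as a compensating control.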
Mitigations - no patch available
The following products have reached End of Life with no planned fix: pNetPower 6 and Sunway ForceControl 6.1 (SP1, SP2, SP3). Apply the following compensating controls:
  • HARDENING: Evaluate replacement or upgrade path to ForceControl versions beyond 6.1 SP3 or alternative control software with available security patches