The host is running Sunway ForceControl and is prone to multiple vulnerabilities.

Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause a denial of service condition. Impact Level: Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Multiple flaws are caused due an, - Error in 'NetServer.exe' when processing certain packets can be exploited to disclose the contents of arbitrary files via directory traversal attack. - Error in 'AngelServer', Which fails to validate user-supplied input. - Error while processing certain packets in 'SNMP NetDBServer', leads to stack overflow or integer overflow in SNMP NetDBServer and execution of arbitrary code.

Sunway ForceControl version 6.1 SP1, SP2 and SP3

• http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt
• http://secunia.com/advisories/46146
• http://securitytracker.com/id/1026092
• http://www.exploit-db.com/exploits/17885/
• http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-266-01.pdf
• http://xforce.iss.net/xforce/xfdb/70015

---

Updated on 2015-03-25