The US Department of Homeland Security (DHS) has issued a warning about vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology.
The DHS says hackers could exploit the vulnerabilities to launch attacks on critical infrastructure in China and other countries where the software is used, including the US.
Open door for hackers
The flaws were identified by security firm NSS Labs, which has worked with Sunway, the Chinese authorities and the DHS to produce security patches.
But NSS Labs says it could take customers months to install the patches, giving attackers a window of opportunity to exploit the vulnerabilities.
The discovery of the flaws comes amid concern, growing since the discovery of the Stuxnet worm, about the safety of supervisory control and data acquisition (SCADA) computer systems used to control processes in a wide variety of power plants and water distribution networks.
SCADA systems suppliers should patch vulnerabilities
NSS Labs has urged suppliers of SCADA systems to patch vulnerabilities instead of sitting on them because these systems are inherently flawed by design.
In May, the firm announced that it had discovered several methods hackers could use to sabotage critical national infrastructure.
NSS researcher Dillon Beresford, who discovered the Sunway flaws, reported finding "multiple vulnerabilities" in Siemens programmable logic controllers (PLCs) targeted by Stuxnet.
While Stuxnet targeted PLCs through operating system software, NSS researchers found ways to reprogram the devices directly if they can be reached on a network.