WellinTech’s Heap Overflow Hole

Thursday, December 22, 2011 @ 12:12 PM gHale


There is a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe, which may allow a remote, unauthenticated attacker to execute arbitrary code.

WellinTech has produced a patch that is available for download from its website, according to the ICS-CERT report.

This vulnerability came to the Zero Day Initiative (ZDI) from independent security researcher Luigi Auriemma.

WellinTech’s KingView V65.30.2010.18018 is the version affected, the report said.

Successful exploitation of the heap overflow vulnerability could allow a remote attacker to cause the service to crash, and also may allow the execution of arbitrary code.

WellinTech, based in Beijing, China, is a software development company specializing in the automation and control industry. WellinTech also has offices in the United States, Japan, Singapore, Europe, and Taiwan.

KingView is a Windows-based control, monitoring and data collection application used across several sectors, including power, water, building automation, and mining, among others, WellinTech said.

An attacker can exploit this vulnerability by sending a specially crafted packet to Port 777/TCP that exceeds a specified length and contains executable code. CVE-2011-4536 is the number assigned to this vulnerability and it has a CVSS V2 base score of 10.

WellinTech created a patch and installation instructions, available for download on its website in English and Chinese versions.


