WellinTech Corrects KingSCADA Hole

Wednesday, April 9, 2014 @ 05:04 PM gHale

WellinTech created a patch that mitigates a stack-based buffer overflow in its KingSCADA Stack, according to a report on ICS-CERT.

An anonymous researcher working with HP’s Zero Day Initiative found the remotely exploitable vulnerability.


All versions of KingSCADA prior to v3.1.2.13 suffer from the vulnerability.

Successful exploitation of the reported vulnerability could allow an attacker to execute remote code.

WellinTech is a software development company specializing in automation and control. The company’s headquarters is in Beijing, China, with branches in the United States, Japan, Singapore, Europe, and Taiwan.

The WellinTech web site describes KingSCADA as a Windows-based control, monitoring, and data collection application deployed across several sectors including energy, water and wastewater systems, commercial facilities, and others.

The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow. This could allow the attacker to execute arbitrary code as the currently running user, which would affect confidentiality, integrity, and availability.
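As an added illustration of the bug class described above (this is not WellinTech's code, and the two-byte length header is a constructed layout, not KingSCADA's real wire format): a packet handler that trusts the length field a peer supplies overruns its fixed stack buffer, while the hardened version rejects the packet before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed packet layout for illustration only: a 2-byte big-endian
 * payload length followed by the payload bytes. */
#define HDR_LEN   2
#define BUF_SIZE  64

/* Vulnerable pattern: the declared length is trusted, so a packet whose
 * length exceeds BUF_SIZE writes past the stack buffer into the saved
 * frame data (on Windows, the SEH record) above it. Shown for contrast
 * only; nothing below calls it. */
void handle_packet_unchecked(const uint8_t *pkt, size_t pkt_len) {
    uint8_t buf[BUF_SIZE];
    if (pkt_len < HDR_LEN) return;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    memcpy(buf, pkt + HDR_LEN, declared);   /* no bound on 'declared' */
    (void)buf;
}

/* Hardened pattern: returns 0 and the copied length on success, -1 when
 * the packet is rejected. */
static int handle_packet_checked(const uint8_t *pkt, size_t pkt_len,
                                 size_t *copied) {
    uint8_t buf[BUF_SIZE];
    if (pkt == NULL || pkt_len < HDR_LEN) return -1;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    /* The declared length must fit the buffer AND the bytes actually
     * received; checking only one of the two leaves a truncation bug. */
    if (declared > BUF_SIZE || declared > pkt_len - HDR_LEN) return -1;
    memcpy(buf, pkt + HDR_LEN, declared);
    *copied = declared;
    return 0;
}

int main(void) {
    size_t n = 0;
    uint8_t ok[HDR_LEN + 4]  = {0x00, 0x04, 'a', 'b', 'c', 'd'};
    uint8_t bad[HDR_LEN + 4] = {0x01, 0x00, 'a', 'b', 'c', 'd'}; /* claims 256 bytes */
    printf("valid packet: %d (copied %zu)\n",
           handle_packet_checked(ok, sizeof ok, &n), n);
    printf("oversized packet: %d\n", handle_packet_checked(bad, sizeof bad, &n));
    return 0;
}
```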

CVE-2014-0787 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit it.

WellinTech has created a patch and instructions for installation that are available for download.
