WellinTech Patches Vulnerability

Wednesday, February 13, 2013 @ 11:02 PM gHale

Mitigation details are available for a buffer overflow vulnerability that impacts the WellinTech KingView KingMess application, according to an ICS-CERT report.

WellinTech produced and released a patch on November 15, 2012, that mitigates this vulnerability. Researchers Lucas Apa and Carlos Mario Penagos Hollman of IOActive, who found the hole, validated that the patch fixes the vulnerability. Exploitation of this vulnerability could allow loss of confidentiality and integrity.

The following KingView versions suffer from the remotely exploitable vulnerability:
• KingView 6.52 (kingMess.exe 65.20.2003.10300)
• KingView 6.53 (kingMess.exe 65.20.2003.10400)
• KingView 6.55 (kingMess.exe 65.50.2011.18049)

Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code as the running user. This vulnerability could impact multiple sectors, including power, water, and manufacturing.

WellinTech is a China-based company that maintains offices in several countries around the world, including the U.S., Japan, Singapore, Taiwan, and Europe.

The affected product, KingView, is a Web-based SCADA application for Windows-based control, monitoring, and data collection. According to WellinTech, KingView sees use across several sectors, including power, manufacturing, water and wastewater, building automation, mining, environmental protection, metallurgy, and others.

The KingMess application in KingView has a memory corruption vulnerability where the application handles exception information incorrectly. An attacker could send a specially crafted packet to KingView, and the KingMess application would handle the packet incorrectly, causing a memory buffer overflow. This could allow the attacker to execute arbitrary code as the currently running user, which would affect confidentiality, integrity, and availability.

CVE-2012-4711 is the number assigned to this vulnerability, which has a CVSS v2 base score of 10.

No known public exploits specifically target this vulnerability. An attacker with a high skill level would be able to exploit this vulnerability.

WellinTech recommends all customers using KingView 6.52, 6.53, or 6.55 download the patch for their version of KingView that mitigates this vulnerability.
