ICS-CERT: WellinTech’s Kingview SCADA Vulnerability

Thursday, December 22, 2011

ICS-CERT has publicly released an advisory for a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe.

According to WellinTech, a company based in Beijing, China that specializes in the automation and control industry, KingView is a Windows-based control, monitoring and data collection application used in ICS networks for power, water, building automation, mining, and other sectors.

Security researcher Luigi Auriemma first reported the vulnerability to the Zero Day Initiative (ZDI), which notified ICS-CERT. A CVSS v2 base score of 10 has been assigned to this vulnerability, reflecting the seriousness of a possible exploit.

"An attacker can exploit this vulnerability by sending a specially crafted packet to Port 777/TCP that exceeds a specified length and contains executable code... Successful exploitation of the heap overflow vulnerability could allow a remote attacker to cause the service to crash, and also may allow the execution of arbitrary code," the advisory states.

ICS-CERT has received no reports of active exploitation of this vulnerability, and WellinTech has made available a patch to remediate the flaw.

Mitigation:

WellinTech has created a patch and installation instructions, which are available for download on its website at:

ICS-CERT encourages asset owners to take additional defensive measures to protect against this and other cybersecurity risks:

  • Implement network or host-based firewall rules to limit network access to Port 777/TCP.
  • Minimize network exposure for all control system devices. Critical devices should not directly face the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPN is only as secure as the connected devices.
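One way to implement the first of these measures on the KingView host itself, as an added example that is not part of the ICS-CERT advisory or of WellinTech's instructions: a Windows Firewall configuration that leaves the default inbound policy at Block and allows TCP/777 only from an allowlist of client hosts. The client addresses and rule name are placeholders, and the NetSecurity PowerShell module (Windows 8 / Server 2012 or later, run elevated) is an assumption; the port is the one named in the advisory.

```powershell
# Added example (not from the advisory): scope inbound TCP/777 on a KingView
# host so that only designated client/HMI hosts can reach HistoryServer.exe.
# Assumes the NetSecurity module and an elevated session. All addresses are
# placeholders to be replaced with the real client hosts.

$AllowedClients = @('192.0.2.10', '192.0.2.11')   # placeholder HMI/client hosts
$RuleName       = 'KingView HistoryServer - TCP 777 (allowlisted clients only)'

# 1. Make sure the default policy drops unsolicited inbound traffic on every
#    profile, so anything not explicitly allowed below is blocked. (Windows
#    Firewall lets explicit Block rules override Allow rules, so relying on the
#    default action is safer than pairing an Allow rule with a broad Block rule.)
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Remove any earlier copy of the rule so re-running the script is idempotent.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# 3. Allow TCP/777 inbound only from the listed clients. With the default
#    inbound action set to Block, every other source is dropped.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Inbound -Protocol TCP -LocalPort 777 `
    -RemoteAddress $AllowedClients -Action Allow -Profile Any -Enabled True

# 4. Verify the resulting scope before leaving the host.
Get-NetFirewallRule -DisplayName $RuleName |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Action    = $_.Action
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort
            RemoteIP  = ($addr.RemoteAddress -join ', ')
        }
    }
```

The verification step at the end prints the rule's protocol, port and remote-address scope; if `RemoteIP` shows `Any`, the allowlist was not applied and the rule should be corrected before the host is returned to service. A host-based rule like this complements, rather than replaces, the perimeter firewall and network isolation the advisory also recommends.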

The full ICS-CERT advisory can be found here:

Source: http://www.us-cert.gov/control_systems/pdf/ICSA-11-355-02.pdf
