ICS-CERT: WellinTech KingView DLL Hijack Vulnerability

Wednesday, May 02, 2012

Infosec Island Admin


Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application.

WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability.

The following product and version are affected:

• WellinTech KingView 6.53

IMPACT

A successful exploit of this vulnerability could lead to arbitrary code execution.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.

BACKGROUND

WellinTech is a software development company based in Beijing, China, that specializes in the automation and control industry, with branches in the United States, Japan, Singapore, Europe, and Taiwan.

According to the WellinTech website, the KingView product is a Windows-based control, monitoring, and data collection application deployed across several industries including power, water, building automation, mining, and other sectors.

VULNERABILITY OVERVIEW

UNCONTROLLED SEARCH PATH ELEMENT:  An attacker may place a malicious DLL in a directory where it will be loaded before the valid DLL. An attacker must have access to the host file system to exploit this vulnerability. If exploited, this vulnerability may allow execution of arbitrary code. CVE-2012-1819 has been assigned to this vulnerability.

EXPLOITABILITY: This vulnerability is remotely exploitable but may require the use of social engineering to exploit.

EXISTENCE OF EXPLOIT: No known public exploits specifically target this vulnerability.

DIFFICULTY: An attacker requires a moderate skill level to exploit this vulnerability.
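The uncontrolled search path condition described above can be audited from the defender's side. The following is an added example, not code from ICS-CERT or WellinTech: it walks an ordered search path and reports every DLL that either resolves from an untrusted directory or has a writable untrusted directory searched before its valid copy. The search order, directory layout and DLL names are constructed assumptions, not KingView's actual files.

```python
import os
import tempfile

def first_hit(dll_name, search_dirs):
    """Index of the first directory in search order holding dll_name, or None."""
    wanted = dll_name.lower()  # Windows file names are case-insensitive
    for i, d in enumerate(search_dirs):
        try:
            if any(n.lower() == wanted for n in os.listdir(d)):
                return i
        except OSError:
            continue  # missing or unreadable directory: nothing loads from it
    return None

def audit(dll_names, search_dirs, trusted_dirs):
    """Return (dll, issue, directory) findings for an ordered search path."""
    trusted = {os.path.realpath(d) for d in trusted_dirs}

    def untrusted(d):
        return os.path.realpath(d) not in trusted

    findings = []
    for name in dll_names:
        hit = first_hit(name, search_dirs)
        if hit is not None and untrusted(search_dirs[hit]):
            findings.append((name, "resolves-from-untrusted-dir", search_dirs[hit]))
            continue
        # Directories consulted before the valid copy (all of them if it is missing).
        for d in search_dirs[:hit]:
            if untrusted(d) and os.access(d, os.W_OK):
                findings.append((name, "writable-dir-searched-first", d))
    return findings

def demo():
    """Constructed layout: directory and DLL names are hypothetical."""
    root = tempfile.mkdtemp()
    app, work, system = (os.path.join(root, n) for n in ("app", "work", "system"))
    for d in (app, work, system):
        os.mkdir(d)
    open(os.path.join(system, "helper.dll"), "w").close()  # valid copy, searched last
    open(os.path.join(app, "core.dll"), "w").close()       # valid copy, searched first
    open(os.path.join(work, "Codec.DLL"), "w").close()     # unexpected copy
    order = [app, work, system]  # assumed search order for this example
    names = ["helper.dll", "core.dll", "codec.dll"]
    return audit(names, order, trusted_dirs=[app, system]), work

if __name__ == "__main__":
    for finding in demo()[0]:
        print(finding)
```

On a real host, pass the application's actual search order and treat only administrator-writable directories as trusted.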

MITIGATION

WellinTech has developed a patch to resolve this issue. The WellinTech advisory and the KingView product patch can be found here:

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-122-01.pdf
