WellinTech KingView 6.53 < 2012-03-22 Multiple Vulnerabilities

critical Nessus Plugin ID 59377

Synopsis

The remote Windows host contains a SCADA application that is affected by multiple vulnerabilities.

Description

According to its version, the instance of WellinTech KingView installed on the remote Windows host is affected by multiple vulnerabilities:

- A denial of service vulnerability in 'NetGenius.exe' when parsing invalid pointer packets resulting in a buffer overflow.

- A directory traversal vulnerability in 'Touchvew.exe' due to not sanitizing user input.

- An insecure DLL loading vulnerability. (CVE-2012-1819)

- A stack-based buffer overflow vulnerability that may be exploited via a specially-crafted packet sent to port 555. (CVE-2012-1830)

- A heap-based buffer overflow vulnerability that may be exploited via a specially-crafted packet sent to port 555. (CVE-2012-1831)

- An out-of-bounds read error that may be exploited via a specially-crafted packet sent to port 2001.
(CVE-2012-1832)

- A directory traversal vulnerability that may be exploited via a specially-crafted HTTP GET request on port 8001. (CVE-2012-2560)

Solution

Install the patch referenced in the vendor's advisory.

See Also

http://web.archive.org/web/20110421065111/http://en.wellintech.com:80/products/detail.aspx?contentid=15

http://en.wellintech.com/news/detail.aspx?contentid=168

http://www.wellintech.com/index.php/news/33-patch-for-kingview653

Plugin Details

Severity: Critical

ID: 59377

File Name: scada_kingview_6_53_2012-03-22.nbin

Version: 1.234

Type: local

Agent: windows

Family: SCADA

Published: 6/5/2012

Updated: 11/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-1830

Vulnerability Information

CPE: cpe:/a:wellintech:kingview

Required KB Items: SCADA/Apps/WellinTech/KingView/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/22/2012

Vulnerability Publication Date: 3/22/2012

Reference Information

CVE: CVE-2012-1819, CVE-2012-1830, CVE-2012-1831, CVE-2012-1832, CVE-2012-2560

BID: 53316, 53370, 54280

ICSA: 12-122-01, 12-185-01