WellinTech KingSCADA < 3.1.2.13-EN 'kxNetDispose.dll' Buffer Overflow RCE

critical Nessus Plugin ID 81553

Synopsis

The WellinTech KingSCADA server installed on the remote host is affected by a remote code execution vulnerability.

Description

The WellinTech KingSCADA server installed on the remote host is a version prior to 3.1.2.13-EN. It is, therefore, affected by a stack-based buffer overflow flaw in 'kxNetDispose.dll' due to improper validation of user-supplied input. A remote, unauthenticated attacker, by sending a specially crafted packet used for the calculation of copy operation sizes, can exploit this to cause the structured exception handler (SEH) to be overwritten, resulting in the execution of arbitrary code or a denial of service.

Solution

Upgrade KingSCADA to version 3.1.2.13-EN.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-14-098-02

https://www.zerodayinitiative.com/advisories/ZDI-14-071/

Plugin Details

Severity: Critical

ID: 81553

File Name: scada_kingscada_kxnetdispose_bof.nbin

Version: 1.109

Type: local

Agent: windows

Family: SCADA

Published: 2/26/2015

Updated: 11/22/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-0787

Vulnerability Information

CPE: cpe:/a:wellintech:kingscada

Required KB Items: installed_sw/WellinTech KingSCADA

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/10/2014

Vulnerability Publication Date: 4/8/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0787

BID: 66709

ICSA: 14-098-02