WellinTech Kingview 6.53 Remote Heap Overflow
Act Now | 9.8 | ICS-CERT ICSA-11-017-01 | Oct 20, 2011
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
WellinTech KingView versions before 6.53 contain a remote heap buffer overflow vulnerability (CWE-119). A remote attacker can send a specially crafted network request to trigger a heap memory overflow on the target system. This could allow denial of service (crash) or arbitrary code execution with KingView process privileges. No patch is available from the vendor for this vulnerability.
What this means
What could happen
A remote attacker could exploit a heap overflow in KingView to crash the application or execute arbitrary code with the same privileges as the KingView process, potentially disrupting HMI visualization and control of monitored industrial equipment.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using WellinTech KingView as an HMI (Human-Machine Interface) or SCADA visualization platform. This affects any facility where KingView displays real-time process data or accepts remote commands for industrial equipment control.
How it could be exploited
An attacker on the network sends a specially crafted request to the KingView application. The advisory does not specify the port or protocol; the vector is likely network-based, given the "remotely exploitable" rating. The malformed data triggers a heap buffer overflow, allowing the attacker to overwrite heap memory and either cause a denial of service or inject executable code into the process.
Prerequisites
- Network access to KingView application
- No authentication required
- Remotely exploitable
- No authentication required
- Low complexity attack
- High EPSS score (55.7%)
- No patch available
- End-of-life product
Exploitability
High exploit probability (EPSS 55.7%)
Affected products (1)
Product | Affected Versions | Fix Status
KingView: <6.53 | <6.53 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the KingView application to trusted engineering and operations workstations only, using firewall rules and network segmentation
- WORKAROUND: Disable KingView if not actively required for operations, or isolate it on an air-gapped network segment
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor the KingView process for unexpected terminations or behavior anomalies
Mitigations - no patch available
KingView: <6.53 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Plan upgrade to a vendor product that receives security updates, as KingView 6.53 is at end-of-life with no patch planned
CVEs (1)