WellinTech KingSCADA Insecure Password Encryption
Low Risk | ICS-CERT ICSA-12-129-01 | Feb 9, 2012
Summary
WellinTech KingSCADA 3.0 uses insecure password encryption (CWE-311), allowing an attacker with access to password storage to recover plaintext credentials. No patch is available from the vendor. This vulnerability affects all instances of KingSCADA 3.0.
What this means
What could happen
An attacker with network access to a KingSCADA installation could extract and decrypt stored passwords, gaining unauthorized access to engineering accounts and potentially modifying control logic or process setpoints.
Who's at risk
Energy sector operators using WellinTech KingSCADA 3.0 for SCADA automation and control should be aware of this vulnerability. This affects any facility relying on KingSCADA for supervisory control of generation, transmission, or distribution equipment.
How it could be exploited
An attacker gains network access to the KingSCADA server, extracts the password files, and exploits the weak or broken encryption to recover plaintext credentials. With valid engineering credentials, the attacker can log in to the SCADA interface and modify control parameters or automation logic.
Prerequisites
- Network access to KingSCADA server or database
- Ability to read or extract password storage files from the system
no patch available | weak password encryption | low EPSS score but high impact if exploited
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
WellinTech KingSCADA: 3.0 | 3.0 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Deploy firewall rules to limit inbound connections to the KingSCADA server to trusted IP addresses and required ports only
- HARDENING: Monitor for unauthorized access attempts and credential misuse on KingSCADA accounts through logging and alerting
- HARDENING: Enforce strong, unique passwords for all KingSCADA engineering accounts and consider implementing password managers
Mitigations - no patch available
WellinTech KingSCADA: 3.0 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to restrict access to KingSCADA systems to authorized engineering workstations only
CVEs (1)