WellinTech KingView Multiple Vulnerabilities

Act NowICS-CERT ICSA-12-185-01Apr 6, 2012

Summary

WellinTech KingView and KingHistorian contain multiple buffer overflow and memory access vulnerabilities (CWE-121, CWE-122, CWE-125, CWE-35, CWE-119) in version 6.53 and 3.0 respectively. These vulnerabilities could allow unauthorized access or remote code execution on affected systems.

What this means

What could happen

An attacker who exploits these vulnerabilities could execute arbitrary code on KingView and KingHistorian systems, potentially allowing them to manipulate process data, alter operator displays, or disrupt SCADA visualization and logging functions critical to plant operations.

Who's at risk

WellinTech KingView and KingHistorian users should care—these products are commonly deployed as HMI/SCADA visualization and data logging systems in water utilities, electric utilities, and other critical infrastructure. Any organization running KingView 6.53 or KingHistorian 3.0 is at risk.

How it could be exploited

An attacker could send specially crafted input to trigger a buffer overflow or out-of-bounds memory access in KingView or KingHistorian, causing the application to execute arbitrary code with the privileges of the running service. The attack vector depends on how the application receives input (network protocol, file import, or local interaction).

Prerequisites

Access to network port or interface where KingView/KingHistorian receives untrusted input
KingView version 6.53 or KingHistorian version 3.0 installed and running

High EPSS score (18.6%)No patch availableBuffer overflow vulnerabilitiesAffects HMI/SCADA visualization systems

Exploitability

High exploit probability (EPSS 18.6%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

WellinTech KingView: 6.536.53No fix (EOL)

WellinTech KingHistorian: 3.0.3.0.No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate KingView and KingHistorian systems from untrusted networks using firewall rules and network segmentation; restrict access to authorized operator workstations and engineering networks only

WORKAROUNDDisable or restrict remote access capabilities in KingView/KingHistorian if not required for operations

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to and from KingView/KingHistorian systems for suspicious input patterns or unauthorized connections

Long-term hardening

0/1

HOTFIXContact WellinTech to request patch availability or product update roadmap; consider migration to patched version when available

CVEs (5)

CVE-2012-1830 CVE-2012-1831 CVE-2012-1832 CVE-2012-2560 CVE-2012-2559

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/42fa38ff-f0df-4f54-8a0d-515353393461