WellinTech KingView User Credentials Not Securely Hashed
Low RiskICS-CERT ICSA-12-283-02Jul 13, 2012
Summary
WellinTech KingView stores user credentials without secure hashing. An attacker with access to the KingView database or configuration files can recover plaintext passwords and use them to gain unauthorized access to the system and associated industrial processes.
What this means
What could happen
An attacker who gains access to KingView's stored credentials could log in as legitimate users and modify process setpoints, pause operations, or trigger unsafe state changes in connected equipment.
Who's at risk
Organizations running WellinTech KingView for process automation, data acquisition, or SCADA monitoring in utilities, manufacturing, and water/wastewater treatment should be concerned. Any facility relying on KingView for real-time process control is at risk if an attacker gains workstation or filesystem access.
How it could be exploited
An attacker must first obtain access to the KingView system or its database files (via malware, insider access, or physical access to the workstation). Once they extract the credentials file, they can read plaintext passwords and use them to authenticate to KingView and any systems that share credentials with it.
Prerequisites
- Access to KingView workstation or its file system
- Ability to extract or view configuration/database files where credentials are stored
no patch availableplaintext credential storageaffects SCADA/supervisory control systemsuser credentials compromised
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
KingView: <=6.5.3≤ 6.5.3No fix (EOL)
Remediation & Mitigation
0/5
Do now
0/2HARDENINGRestrict file system and database access to KingView directories to authorized personnel only
HARDENINGIsolate KingView workstations from general network access using a firewall or air-gap
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
WORKAROUNDForce regular password changes for all KingView user accounts to limit exposure window
Mitigations - no patch available
0/2KingView: <=6.5.3 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGMonitor KingView authentication logs for suspicious login attempts
HARDENINGPlan migration to a newer version of KingView or alternative SCADA software that implements secure password hashing
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/dcace7c7-95d6-459e-93db-f136bca19fbc