WellinTech KingView KingMess Buffer Overflow
Act Now | ICS-CERT ICSA-13-043-02A | Nov 16, 2013
Summary
WellinTech KingView versions 6.52, 6.53, and 6.55 contain a buffer overflow vulnerability in the kingMess.exe component. The vulnerability could allow an attacker to execute arbitrary code on systems running affected versions. CWE-119 (improper restriction of operations within the bounds of a memory buffer) is the underlying weakness. No vendor patch has been released for any of the affected versions.
What this means
What could happen
A buffer overflow in KingView's kingMess.exe component could allow an attacker to execute arbitrary code and take control of the HMI system, potentially disrupting operator visibility and enabling unauthorized changes to process parameters.
Who's at risk
Water utilities and electric utilities operating WellinTech KingView HMI systems (versions 6.52, 6.53, or 6.55) for SCADA visualization and operator interface are affected. This includes any plant using KingView for real-time process monitoring and control of pumps, valves, circuit breakers, and other field devices.
How it could be exploited
An attacker sends a specially crafted input to the kingMess.exe process, triggering a buffer overflow that overwrites memory. This allows the attacker to inject and execute arbitrary code with the privileges of the KingView application, typically those of the operator or engineering user running the HMI.
Prerequisites
- Network access to the KingView HMI system running an affected version
- Ability to send crafted input to the kingMess.exe component (typically via the KingView network protocol or local process interaction)
- High EPSS score (58.3%) indicates moderate exploit probability
- Buffer overflow vulnerability allows arbitrary code execution
- No patch available for affected versions
- Affects HMI systems with direct control over physical operations
- Low complexity exploitation likely given buffer overflow nature
Exploitability
High exploit probability (EPSS 58.3%)
Affected products (3)
3 pending
| Product | Affected Versions | Fix Status |
|---|---|---|
| KingView: 6.52_kingMess.exe_65.20.2003.10300 | 6.52 kingMess.exe 65.20.2003.10300 | No fix yet |
| KingView: 6.53_kingMess.exe_65.20.2003.10400 | 6.53 kingMess.exe 65.20.2003.10400 | No fix yet |
| KingView: 6.55_kingMess.exe_65.50.2011.18049 | 6.55 kingMess.exe 65.50.2011.18049 | No fix yet |
Remediation & Mitigation
Do now
- HARDENING: Isolate KingView HMI systems from untrusted networks using a firewall; restrict access to port 8081 (KingView default HMI port) and kingMess.exe communication channels to trusted engineering workstations and control network segments only
- HARDENING: Implement network segmentation to prevent direct access from corporate IT networks or the internet to KingView systems
- WORKAROUND: Disable or restrict remote access to KingView HMI if not actively required for operations
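One way to check the two hardening items above against firewall or flow logs, as an added example that is not part of the advisory: it flags traffic to the HMI on port 8081 from sources outside the trusted segments. The addresses, subnets and log format are constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed values for illustration only; replace with your own inventory.
HMI_HOSTS = {ip_address("10.20.0.15")}        # hypothetical KingView HMI
TRUSTED_NETS = [
    ip_network("10.20.0.0/24"),               # hypothetical control segment
    ip_network("10.20.5.10/32"),              # hypothetical engineering workstation
]
HMI_PORT = 8081                               # port named in the mitigation above

# Constructed flow records: time, source, destination, dest port, action
SAMPLE_FLOWS = """\
2024-01-01T08:00:01,10.20.0.22,10.20.0.15,8081,allow
2024-01-01T08:03:10,10.20.5.10,10.20.0.15,8081,allow
2024-01-01T08:05:42,192.168.50.7,10.20.0.15,8081,allow
2024-01-01T08:06:00,203.0.113.9,10.20.0.15,8081,deny
2024-01-01T08:07:15,192.168.50.7,10.20.0.15,443,allow
this line is malformed and must be skipped
"""

def untrusted_hmi_flows(text, hmi_hosts=HMI_HOSTS, trusted=TRUSTED_NETS,
                        port=HMI_PORT):
    """Return (time, source, action) for flows to an HMI on `port`
    whose source is outside every trusted network."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue                          # wrong field count
        ts, src, dst, dport, action = (f.strip() for f in row)
        try:
            src_ip, dst_ip, dport_n = ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue                          # unparsable address or port
        if dst_ip not in hmi_hosts or dport_n != port:
            continue
        if any(src_ip in net for net in trusted):
            continue
        findings.append((ts, src, action.lower()))
    return findings

def segmentation_gaps(text):
    """Untrusted flows the firewall allowed: each one is a rule to fix."""
    return [f for f in untrusted_hmi_flows(text) if f[2] == "allow"]

if __name__ == "__main__":
    for ts, src, action in untrusted_hmi_flows(SAMPLE_FLOWS):
        print(f"{ts} {src} -> HMI:{HMI_PORT} {action}")
```

Denied flows from untrusted sources show the rule working but are still worth reviewing as probing; allowed ones mean the isolation is incomplete.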
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact WellinTech technical support to determine if a patched version or upgrade is available, as this advisory states no fix is available for the listed versions
Long-term hardening
- HOTFIX: Plan for upgrade or replacement of KingView systems if the vendor cannot provide a security update
CVEs (1)