WellinTech Vulnerabilities

Act NowICS-CERT ICSA-13-344-01Sep 12, 2013

Summary

WellinTech KingSCADA, KingAlarm&Event, and KingGraphic products contain information disclosure vulnerabilities (CWE-538: Information Exposure Through Query Strings in URL, CWE-749: Exposed Dangerous Method or Function). These vulnerabilities may allow attackers to access sensitive configuration and operational data from affected devices.

What this means

What could happen

An attacker with access to the network could retrieve sensitive system configuration data and operational information from KingSCADA, KingAlarm&Event, or KingGraphic installations, potentially compromising SCADA process setpoints, alarm settings, or other critical operational parameters.

Who's at risk

Energy sector operators using WellinTech SCADA and alarming systems should be concerned. This affects KingSCADA supervisory control systems, KingAlarm&Event alarm/event management, and KingGraphic visualization systems deployed in power generation, transmission, or distribution facilities.

How it could be exploited

An attacker with network access to the affected device could craft HTTP requests containing query strings or invoke exposed methods to extract sensitive information such as configuration files, credentials, or operational parameters without authentication.

Prerequisites

Network access to the affected WellinTech product (KingSCADA, KingAlarm&Event, or KingGraphic)
Device must be reachable via HTTP/network interface

No authentication requiredLow complexity attackHigh EPSS score (60.5%)No patch availableRemotely exploitable

Exploitability

High exploit probability (EPSS 60.5%)

Affected products (3)

3 EOL

ProductAffected VersionsFix Status

KingSCADA: <=3.1≤ 3.1No fix (EOL)

KingAlarm&Event: <=2.0.2≤ 2.0.2No fix (EOL)

KingGraphic: <=3.1≤ 3.1No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGImplement network segmentation to restrict access to WellinTech SCADA systems. Place affected devices on isolated VLAN or behind firewall rules that block direct access from untrusted networks.

WORKAROUNDDisable or restrict HTTP query string access and any exposed methods on affected KingSCADA, KingAlarm&Event, and KingGraphic instances if such configuration options exist.

HARDENINGMonitor network traffic for suspicious HTTP requests to affected devices; log and review any access attempts.

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: KingSCADA: <=3.1, KingAlarm&Event: <=2.0.2, KingGraphic: <=3.1. Apply the following compensating controls:

HARDENINGEvaluate upgrade or replacement options for affected WellinTech products. Contact vendor to determine if patches or newer versions address these vulnerabilities.

CVEs (2)

CVE-2013-2826 CVE-2013-2827

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/613684f7-4dd4-457b-ba13-b7afc103ee1b