WellinTech KingHistorian
Act Now | 8.1 | ICS-CERT ICSA-23-199-07 | Jul 18, 2023
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
WellinTech KingHistorian contains input validation and buffer overflow vulnerabilities (CWE-195, CWE-200) that allow an attacker with network access to disclose sensitive historian data or inject malicious data leading to buffer overflow. The vulnerabilities affect KingHistorian version 35.01.00.05 and earlier. A historian is a critical component in SCADA systems that stores time-series operational data (temperatures, pressures, flow rates, alarms) needed by operators to understand system state and troubleshoot problems.
What this means
What could happen
An attacker could disclose sensitive information from the KingHistorian historian database or inject malicious data that triggers a buffer overflow, potentially causing the historian service to crash or execute arbitrary code on the system.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using WellinTech KingHistorian for SCADA data logging and historical trend analysis. This includes any organization relying on KingHistorian to store and retrieve operational process data, alarms, and setpoint history.
How it could be exploited
An attacker with network access to the KingHistorian service sends a specially crafted request containing oversized or malformed data. The application fails to properly validate input length (CWE-195), allowing the attacker to overflow a buffer (CWE-200) and either extract sensitive data or, in the case of the buffer overflow, potentially execute code on the historian server.
Prerequisites
- Network access to KingHistorian service port (typically 8080 or custom port)
- KingHistorian version 35.01.00.05 or earlier
- No credentials required for initial exploitation
- Remotely exploitable
- No authentication required
- High EPSS score (18%)
- No patch available for version 35.01.00.05
- Affects historian/data logging systems critical to operator situational awareness
Exploitability
High exploit probability (EPSS 18.0%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| KingHistorian: 35.01.00.05 | 35.01.00.05 | 3.52 |
Remediation & Mitigation
Do now
- HARDENING: Isolate KingHistorian historian server behind a firewall and restrict network access to authorized engineering workstations and SCADA servers only
- HARDENING: Ensure KingHistorian is not directly accessible from the Internet or business networks; use network segmentation to isolate the historian from non-critical systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade KingHistorian to version 3.52 or later
- WORKAROUND: If remote access to KingHistorian is required, implement a VPN with encryption and access controls, and keep VPN software updated to the latest version
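One way to verify the isolation steps above, as an added example that is not part of the advisory or of any WellinTech tooling: audit firewall flow records for traffic to the historian port from sources outside the authorized set. The historian address, the allowlist networks and the log format are assumptions constructed for the example; only port 8080 comes from the advisory.

```python
import ipaddress
from collections import defaultdict

# Everything below is constructed for illustration: addresses, allowlist, log format.
HISTORIAN = ipaddress.ip_address("10.20.0.20")
HISTORIAN_PORT = 8080  # the advisory says "typically 8080 or custom port"
AUTHORIZED = [ipaddress.ip_network(n) for n in (
    "10.20.0.0/28",   # engineering workstations (assumed)
    "10.20.1.10/32",  # SCADA server (assumed)
)]

# Constructed flow records: timestamp src sport dst dport proto action
SAMPLE_FLOWS = """\
2023-07-19T08:01:12Z 10.20.0.4 51844 10.20.0.20 8080 tcp ACCEPT
2023-07-19T08:01:15Z 10.20.1.10 40222 10.20.0.20 8080 tcp ACCEPT
2023-07-19T08:03:40Z 10.50.3.77 49810 10.20.0.20 8080 tcp ACCEPT
2023-07-19T08:03:41Z 10.50.3.77 49811 10.20.0.20 8080 tcp ACCEPT
2023-07-19T08:05:02Z 192.0.2.44 33100 10.20.0.20 8080 tcp DROP
2023-07-19T08:06:30Z 10.50.3.77 49900 10.20.0.20 443 tcp ACCEPT
truncated record
"""

def audit_flows(text, historian=HISTORIAN, port=HISTORIAN_PORT, authorized=AUTHORIZED):
    """Count historian-port flows per source that is not on the allowlist."""
    findings = defaultdict(lambda: {"ACCEPT": 0, "DROP": 0})
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip blank or malformed records
        _, src, _, dst, dport, _, action = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            continue  # unparseable address or port
        if dst_ip != historian or dport != port or action not in ("ACCEPT", "DROP"):
            continue  # not traffic to the historian service
        if any(src_ip in net for net in authorized):
            continue  # expected traffic from an authorized host
        findings[src][action] += 1
    return dict(findings)

def segmentation_gaps(findings):
    """Sources the firewall let through: these violate the isolation rule."""
    return sorted(s for s, c in findings.items() if c["ACCEPT"] > 0)

if __name__ == "__main__":
    report = audit_flows(SAMPLE_FLOWS)
    for src, counts in sorted(report.items()):
        print(src, counts)
    print("allowed but unauthorized:", segmentation_gaps(report))
```

Sources listed by `segmentation_gaps` reached the historian despite not being on the allowlist and point to a firewall rule that needs tightening; sources with only `DROP` counts were blocked as intended.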
CVEs (2)