WellinTech KingView 6.53 < 2010-12-15 HistorySvr.exe TCP Request Remote Overflow

critical Nessus Plugin ID 59375

Synopsis

The remote Windows host contains an application that is affected by a remote buffer overflow vulnerability.

Description

According to its version, the instance of WellinTech KingView installed on the remote Windows host is affected by a remote buffer overflow vulnerability. A flaw in 'nettransdll.dll' may permit unauthenticated, remote attackers to execute arbitrary code in the context of the application. 'HistorySvr.exe' listens on port 777, and a long request sent to it may trigger a heap overflow.

Solution

Install the patch referenced in the vendor's advisory.

See Also

http://www.nessus.org/u?04152db0

http://web.archive.org/web/20110421065111/http://en.wellintech.com:80/products/detail.aspx?contentid=15

http://web.archive.org/web/20120312033124/http://en.wellintech.com:80/products/detail.aspx?contentid=25

Plugin Details

Severity: Critical

ID: 59375

File Name: scada_kingview_6_53_2010-12-15.nbin

Version: 1.221

Type: local

Agent: windows

Family: SCADA

Published: 6/5/2012

Updated: 3/26/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0406

Vulnerability Information

CPE: cpe:/a:wellintech:kingview

Required KB Items: SCADA/Apps/WellinTech/KingView/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/15/2010

Vulnerability Publication Date: 1/9/2011

Exploitable With

Core Impact

ExploitHub (EH-14-257)

Reference Information

CVE: CVE-2011-0406

BID: 45727

CERT: 180119

ICS-ALERT: 11-111-01