WellinTech KingView 6.53 < 2012-03-22 Multiple Vulnerabilities

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a SCADA application that is affected
by multiple vulnerabilities.

Description :

According to its version, the instance of WellinTech KingView
installed on the remote Windows host is affected by multiple
vulnerabilities:

- A denial of service vulnerability in 'NetGenius.exe'
when parsing invalid pointer packets, resulting in a
buffer overflow.

- A directory traversal vulnerability in 'Touchvew.exe'
due to unsanitized user input.

- An insecure DLL loading vulnerability. (CVE-2012-1819)

- A stack-based buffer overflow vulnerability that may be
exploited via a specially-crafted packet sent to port
555. (CVE-2012-1830)

- A heap-based buffer overflow vulnerability that may be
exploited via a specially-crafted packet sent to port
555. (CVE-2012-1831)

- An out-of-bounds read error that may be exploited via a
specially-crafted packet sent to port 2001.
(CVE-2012-1832)

- A directory traversal vulnerability that may be
exploited via a specially-crafted HTTP GET request on
port 8001. (CVE-2012-2560)

See also :

http://en.wellintech.com/products/detail.aspx?contentid=15
http://en.wellintech.com/news/detail.aspx?contentid=168
http://www.wellintech.com/index.php/news/33-patch-for-kingview653

Solution :

Install the patch referenced in the vendor's advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 59377

Bugtraq ID: 53316, 53370, 54280

CVE ID: CVE-2012-1819, CVE-2012-1830, CVE-2012-1831, CVE-2012-1832, CVE-2012-2560