WellinTech KingView 6.53 < 2010-12-15 HistorySvr.exe TCP Request Remote Overflow

Critical Nessus Plugin ID 59375

Synopsis

The remote Windows host contains an application that is affected by a remote buffer overflow vulnerability.

Description

According to its version, the instance of WellinTech KingView installed on the remote Windows host is affected by a remote buffer overflow vulnerability. A flaw in 'nettransdll.dll' may permit unauthenticated, remote attackers to execute arbitrary code in the context of the application. 'HistorySvr.exe' listens on port 777, and a long request sent to it may trigger a heap overflow.

Solution

Install the patch referenced in the vendor's advisory.

See Also

http://www.nessus.org/u?c202bc58

http://en.wellintech.com/products/detail.aspx?contentid=15

http://en.wellintech.com/products/detail.aspx?contentid=25

Plugin Details

Severity: Critical

ID: 59375

File Name: scada_kingview_6_53_2010-12-15.nbin

Version: $Revision: 1.92 $

Type: local

Family: SCADA

Published: 2012/06/05

Modified: 2018/08/15

Dependencies: 59374

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:wellintech:kingview

Required KB Items: SCADA/Apps/WellinTech/KingView/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/12/15

Vulnerability Publication Date: 2011/01/09

Exploitable With

Core Impact

ExploitHub (EH-14-257)

Reference Information

CVE: CVE-2011-0406

BID: 45727

CERT: 180119

EDB-ID: 15957

ICS-ALERT: 11-111-01