WellinTech KingSCADA < 188.8.131.52-EN 'kxNetDispose.dll' Buffer Overflow RCE
Critical Nessus Plugin ID 81553
SynopsisThe WellinTech KingSCADA server installed on the remote host is affected by a remote code execution vulnerability.
DescriptionThe WellinTech KingSCADA server installed on the remote host is a version prior to 184.108.40.206-EN. It is, therefore, affected by a stack-based buffer overflow flaw in 'kxNetDispose.dll' due to improper validation of user-supplied input. A remote, unauthenticated attacker, by sending a specially crafted packet used for the calculation of copy operation sizes, can exploit this to cause the structured exception handler (SEH) to be overwritten, resulting in the execution of arbitrary code or a denial of service.
SolutionUpgrade KingSCADA to version 220.127.116.11-EN.