WellinTech created a fix that mitigates a remote code execution vulnerability and an information disclosure vulnerability in its KingSCADA, KingAlarm&Event, and KingGraphic applications, according to a report on ICS-CERT.
These remotely exploitable vulnerabilities were first brought to the attention of the Zero Day Initiative (ZDI) by security researcher Andrea Micalizzi.
WellinTech reports that these vulnerabilities affect the following products:
• KingSCADA 3.1 and all previous versions
• KingAlarm&Event 2.0.2 and all previous versions
• KingGraphic 3.1 and all previous versions
A remote attacker can exploit these vulnerabilities to acquire the credentials to log in to the database as a legitimate user or remotely execute code in the context of the target process.
WellinTech is a software development company specializing in automation and control. Beijing-based WellinTech has branches in the United States, Japan, Singapore, Europe, and Taiwan.
The WellinTech Web site describes KingSCADA as a Windows-based control, monitoring, and data collection application used across several industries including power, water, building automation, mining, and other sectors.
Authentication to this service is performed locally through the KAEClientManager console but not against remote connections. A remote attacker with knowledge of the proprietary protocol can send a specially crafted packet to port 8130/TCP to disclose credentials.
CVE-2013-2826 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.
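A defensive check for the exposure described above, as an added example that is not part of the advisory or WellinTech's code: it scans flow records for TCP connections to port 8130 that come from outside an allowlist of client subnets. The CSV log format, the allowlisted subnet and every sample record are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

KAE_PORT = 8130  # TCP port named in the article text

# Assumption: subnets that legitimately host alarm/event clients.
ALLOWED_CLIENT_NETS = [ip_network("10.20.0.0/24")]

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = """\
ts,proto,src,dst,dport,action
2013-01-01T08:00:01Z,tcp,10.20.0.15,10.20.0.5,8130,allow
2013-01-01T08:00:07Z,tcp,192.0.2.44,10.20.0.5,8130,allow
2013-01-01T08:00:09Z,tcp,192.0.2.44,10.20.0.5,8130,allow
2013-01-01T08:01:12Z,udp,192.0.2.44,10.20.0.5,8130,allow
2013-01-01T08:02:30Z,tcp,198.51.100.7,10.20.0.5,8130,deny
2013-01-01T08:03:00Z,tcp,192.0.2.44,10.20.0.5,443,allow
2013-01-01T08:04:00Z,tcp,not-an-ip,10.20.0.5,8130,allow
"""

def is_allowed(src):
    """True when the source address sits inside an allowlisted subnet."""
    return any(src in net for net in ALLOWED_CLIENT_NETS)

def find_untrusted_kae_flows(flow_csv):
    """Return (hits, malformed): hits counts (src, dst, action) for
    8130/TCP flows from non-allowlisted sources; malformed holds rows
    that could not be parsed and need manual review."""
    hits, malformed = Counter(), []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ip_address(row["src"])
            dport = int(row["dport"])
        except (KeyError, TypeError, ValueError):
            malformed.append(row)
            continue
        if (row.get("proto") or "").lower() != "tcp" or dport != KAE_PORT:
            continue
        if not is_allowed(src):
            hits[(str(src), row["dst"], row["action"])] += 1
    return hits, malformed

if __name__ == "__main__":
    hits, malformed = find_untrusted_kae_flows(SAMPLE_FLOWS)
    for (src, dst, action), count in hits.most_common():
        print(f"{src} -> {dst}:{KAE_PORT}/tcp action={action} count={count}")
    print(f"{len(malformed)} malformed row(s) skipped")
```

Flows reported with `action=allow` show the port is reachable from outside the expected client subnets; `deny` entries show the filter working but are still worth reviewing.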
By properly setting the ProjectURL property, it is possible for an attacker to download an arbitrary DLL file from a remote location and run the code in the DLL in the context of the target process.
CVE-2013-2827 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.
No known public exploits specifically target these vulnerabilities. However, an attacker with a low skill level would be able to exploit these vulnerabilities.