There was a public report of two ActiveX vulnerabilities with proof-of-concept (PoC) exploit code, affecting WellinTech KingView, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product.
According to this report, the vulnerabilities are exploitable because the program does not properly sanitize user input. The report was released without coordination with either the vendor or ICS-CERT.
ICS-CERT has notified the affected vendor of the report and asked the vendor to confirm the vulnerabilities and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and to identify baseline mitigations for reducing risks from these vulnerabilities and other cybersecurity attacks.
The report included vulnerability details and PoC exploit code for the following remotely exploitable vulnerabilities:
• KChartXY ActiveX, which can allow arbitrary files to be overwritten
• SuperGrid ActiveX, which can allow arbitrary files to be overwritten and persistence to be established on the computer
The WellinTech KingView product is used in multiple industries including power, water, building automation, and mining.
The vulnerability reports state it is possible to correct the flaw by implementing the following workarounds:
• Set the kill-bit on the KChartXY ActiveX Control (CLSID A9A2011A-1E02-4242-AAE0-B239A6F88BAC).
• Set the kill-bit on the SuperGrid ActiveX Control (CLSID F494550F-A028-4817-A7B5-E5F2DCB4A47E).
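The kill-bit workaround above, as an added example that is not part of the original alert or the vendor's guidance: a PowerShell script that sets and verifies the kill-bit for both CLSIDs in the 64-bit and 32-bit registry views, preserving any other compatibility flags already present. It assumes the standard Internet Explorer `ActiveX Compatibility` registry location and the kill-bit value 0x400 in `Compatibility Flags`, and it must run in an elevated session.

```powershell
# Added example: set the ActiveX kill-bit for the two controls named in this alert.
# Assumes the standard IE kill-bit location and flag (Compatibility Flags = 0x400).
$KillBit   = 0x400
$ValueName = 'Compatibility Flags'
$SubPath   = 'SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$Controls  = [ordered]@{
    'KChartXY'  = '{A9A2011A-1E02-4242-AAE0-B239A6F88BAC}'
    'SuperGrid' = '{F494550F-A028-4817-A7B5-E5F2DCB4A47E}'
}

function Set-ActiveXKillBit {
    param([string]$Name, [string]$Clsid)
    # Write both views explicitly so 32-bit hosts on 64-bit Windows are covered,
    # regardless of the bitness of this PowerShell process.
    foreach ($view in 'Registry64', 'Registry32') {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey('LocalMachine', $view)
        try {
            $key = $base.CreateSubKey("$SubPath\$Clsid")   # opens or creates
            try {
                $before = [int]$key.GetValue($ValueName, 0)
                # OR the bit in so existing flags on this CLSID are not lost.
                $key.SetValue($ValueName, ($before -bor $KillBit), 'DWord')
                $after = [int]$key.GetValue($ValueName, 0)
            } finally { $key.Dispose() }
        } finally { $base.Dispose() }

        [pscustomobject]@{
            Control    = $Name
            Clsid      = $Clsid
            View       = $view
            FlagsWas   = '0x{0:X8}' -f $before
            FlagsNow   = '0x{0:X8}' -f $after
            KillBitSet = (($after -band $KillBit) -eq $KillBit)
        }
    }
}

$results = foreach ($c in $Controls.GetEnumerator()) {
    Set-ActiveXKillBit -Name $c.Key -Clsid $c.Value
}
$results | Format-Table -AutoSize

# Fail loudly if any view did not take the change (e.g. not elevated, policy reverted it).
if ($results.KillBitSet -contains $false) {
    throw 'Kill-bit was not set in every registry view.'
}
```

The kill-bit only prevents the controls from being instantiated by Internet Explorer and other hosts that honor it, so confirm that KingView screens relying on these controls still behave as expected before deploying the change widely.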
ICS-CERT is currently coordinating with the vendor and security researcher to identify mitigations.