SCADA: WellinTech KingSCADA kxNetDispose.dll Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability against WellinTech KingSCADA. The vulnerability is due to insufficient validation on the size of the data. The vulnerable module is kxNetDispose.dll. The vulnerability, if exploited, results in the overwriting of the structured exception handler (SEH) in the AEserver.exe process listening on port 12401/TCP. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious packet to the KingSCADA server. Successful exploitation could lead to remote code execution under the security context of a privileged system user.
Extended Description
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.
Affected Products
Wellintech kingscada
Short Name
SCADA:WELLINTECH-KING-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SCADA
Keywords
Buffer CVE-2014-0787 KingSCADA Overflow Stack WellinTech bid:66709 kxNetDispose.dll
Release Date
06/24/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/12401
False Positive
Unknown
Vendors
Wellintech
CVSS Score
10.0