Independent researcher Carlos Mario Peñagos Hollman identified a DLL Hijack vulnerability in WellinTech’s KingView application.
WellinTech has created a patch that resolves the vulnerability. Mr. Hollman has tested the patch and verified that it resolves the vulnerability.
The following product and version are affected:
• WellinTech KingView 6.53
IMPACT
A successful exploit of this vulnerability could lead to arbitrary code execution.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
BACKGROUND
WellinTech is a software development company based in Beijing, China, that specializes in the automation and control industry, with branches in the United States, Japan, Singapore, Europe, and Taiwan.
According to the WellinTech website, the KingView product is a Windows-based control, monitoring, and data collection application deployed across several industries including power, water, building automation, mining, and other sectors.
VULNERABILITY OVERVIEW
UNCONTROLLED SEARCH PATH ELEMENT: An attacker may place a malicious DLL in a directory where it will be loaded before the valid DLL. An attacker must have access to the host file system to exploit this vulnerability. If exploited, this vulnerability may allow execution of arbitrary code. CVE-2012-1819 has been assigned to this vulnerability.
EXPLOITABILITY: This vulnerability is remotely exploitable but may require the use of social engineering to exploit.
EXISTENCE OF EXPLOIT: No known public exploits specifically target this vulnerability.
DIFFICULTY: An attacker requires a moderate skill level to exploit this vulnerability.
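The following Python check is an added example, not part of the ICS-CERT advisory or WellinTech's software. It tests for the condition described under UNCONTROLLED SEARCH PATH ELEMENT by reporting every copy of a DLL that sits in a directory searched before the one holding the valid copy. The caller supplies the search order; the file name example.dll, the temporary directories and the file contents are constructed placeholders.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def find_copies(dll_name, search_dirs):
    """Return [(directory, sha256)] for each copy of dll_name, in search order."""
    hits = []
    for d in search_dirs:
        try:
            names = os.listdir(d)
        except OSError:
            continue  # missing or unreadable directory contributes nothing
        for name in names:
            path = Path(d, name)
            # Windows file names are case-insensitive, so compare lowered.
            if name.lower() == dll_name.lower() and path.is_file():
                hits.append((d, hashlib.sha256(path.read_bytes()).hexdigest()))
    return hits

def audit(dll_name, search_dirs, trusted_dir):
    """Flag copies that resolve ahead of the one expected in trusted_dir."""
    hits = find_copies(dll_name, search_dirs)
    trusted = os.path.normcase(os.path.abspath(trusted_dir))
    shadowing = []
    for d, _digest in hits:
        if os.path.normcase(os.path.abspath(d)) == trusted:
            break  # reached the valid copy; later copies cannot win
        shadowing.append(d)
    status = "missing" if not hits else "shadowed" if shadowing else "ok"
    return {"status": status, "resolved": hits[0][0] if hits else None,
            "shadowing": shadowing, "hashes": dict(hits)}

def demo():
    """Constructed layout: three temp dirs standing in for a search order."""
    app, system, cwd = (tempfile.mkdtemp() for _ in range(3))
    Path(system, "example.dll").write_bytes(b"constructed vendor library bytes")
    stray = Path(app, "EXAMPLE.DLL")  # constructed copy, differs in case only
    stray.write_bytes(b"constructed unexpected copy")
    order = [app, system, cwd]  # assumed order, supplied by the caller
    before = audit("example.dll", order, system)
    stray.unlink()  # remove the unexpected copy and audit again
    after = audit("example.dll", order, system)
    return app, system, before, after

if __name__ == "__main__":
    print(demo())
```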
MITIGATION
WellinTech has developed a patch to resolve this issue. The WellinTech advisory and the KingView product patch can be found here:
The full ICS-CERT advisory can be found here:
Source: http://www.us-cert.gov/control_systems/pdf/ICSA-12-122-01.pdf