CVE-2012-1831
Published 2012-07-05
CVE-2012-1831: Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
Priority: P271, critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 15.94% (96.5th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wellintech | kingview | <= 6.53 | — |
| wellintech | kingview | — | — |
| wellintech | kingview | — | — |
| wellintech | kingview | — | — |
| wellintech | kingview | — | — |
| wellintech | kingview | — | — |
Detection & IOCs (extracted from sources)
- Monitor for large TCP streams (70,000–80,000+ bytes) sent to port 555/TCP targeting KingView touchview.exe; oversized single-packet payloads of repeated bytes are characteristic of heap overflow exploitation attempts against this service.
- Alert on any inbound connection to TCP port 555 on hosts running WellinTech KingView 6.53; the service only listens when the node is configured as a Login Server, so unexpected external connections to this port are high-fidelity indicators.
- Look for EIP/EAX corruption patterns with value 0x42424242 or 0x44444444 in crash telemetry or process memory dumps of touchview.exe, indicative of successful heap overflow control via the PoC payloads.
- The vulnerable TCP port 555 is only open when KingView is explicitly configured with the node type set to 'Local is a Login Server'; default configurations may not expose this attack surface.
- The vendor silently patched this vulnerability; detection rules should still cover unpatched KingView 6.53 deployments, which remain in use in ICS/SCADA environments.
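The network-side checks in the list above, applied to flow records as an added example (not code from the advisory or the sources quoted here). The record fields, the address sets, the 0.90 repetition threshold and the sample flows are assumptions constructed for illustration.

```python
from collections import Counter
from typing import Optional

KINGVIEW_PORT = 555        # port named in the CVE description
STREAM_BYTES_MIN = 70_000  # lower bound of the stream size quoted in the list above
REPEAT_RATIO_MIN = 0.90    # assumption: share of one byte value treated as "repeated bytes"

def dominant_byte_ratio(payload: bytes) -> float:
    """Fraction of the payload taken up by its single most common byte value."""
    if not payload:
        return 0.0
    return Counter(payload).most_common(1)[0][1] / len(payload)

def triage_flow(flow: dict, login_servers: set, expected_clients: set) -> Optional[dict]:
    """Return an alert for a flow to a KingView Login Server, or None if nothing stands out."""
    if flow["dst_port"] != KINGVIEW_PORT or flow["dst_ip"] not in login_servers:
        return None
    reasons = []
    if flow["src_ip"] not in expected_clients:
        reasons.append("unexpected-client")
    if flow["bytes_to_server"] >= STREAM_BYTES_MIN:
        reasons.append("oversized-stream")
    if dominant_byte_ratio(flow["payload_sample"]) >= REPEAT_RATIO_MIN:
        reasons.append("repeated-byte-payload")
    if not reasons:
        return None
    # Size and repetition together match the overflow pattern; one signal alone is a lead.
    both = {"oversized-stream", "repeated-byte-payload"} <= set(reasons)
    return {"src": flow["src_ip"], "dst": flow["dst_ip"],
            "severity": "high" if both else "medium", "reasons": reasons}

# Constructed inventory and flow records (hypothetical field names and addresses).
LOGIN_SERVERS = {"10.20.0.5"}
EXPECTED_CLIENTS = {"10.20.0.15"}
FLOWS = [
    dict(src_ip="10.20.0.15", dst_ip="10.20.0.5", dst_port=555,
         bytes_to_server=1_240, payload_sample=bytes(range(64)) * 4),
    dict(src_ip="203.0.113.7", dst_ip="10.20.0.5", dst_port=555,
         bytes_to_server=78_000, payload_sample=b"\x42" * 4096),
    dict(src_ip="10.20.0.99", dst_ip="10.20.0.5", dst_port=555,
         bytes_to_server=900, payload_sample=b"login-request " * 16),
    dict(src_ip="203.0.113.7", dst_ip="10.20.0.8", dst_port=443,
         bytes_to_server=90_000, payload_sample=b"\x00" * 4096),
]

def run_triage(flows=FLOWS) -> list:
    alerts = (triage_flow(f, LOGIN_SERVERS, EXPECTED_CLIENTS) for f in flows)
    return [a for a in alerts if a is not None]

if __name__ == "__main__":
    for alert in run_triage():
        print(alert)
```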
CISA ICS
WellinTech KingView Multiple Vulnerabilities
cisa_ics · 2014-09-02
ICS Advisory
Last Revised: September 02, 2014
Alert Code: ICSA-12-185-01
## Overview
Independent researchers Carlos Mario Penagos Hollman and Dillon Beresford identified multiple vulnerabilities in WellinTech’s KingView and a single vulnerability in WellinTech’s KingHistorian application. These vulnerabilities are exploitable remotely. WellinTech has created a patch and the researchers have validated that the patch resolves these vulnerabilities in the KingView and KingHistorian applications.
## Affected Products
The following products and versions
GHSA
GHSA-jw5x-9h34-q83r: Heap-based buffer overflow in WellinTech KingView 6
ghsa_unreviewed · 2022-05-17
CVE-2012-1831 [HIGH] CWE-119 GHSA-jw5x-9h34-q83r: Heap-based buffer overflow in WellinTech KingView 6
Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
No detection rules found.
No writeups or analysis indexed.
Published: 2012-07-05