cbcvebase.
CVE-2022-43663
published 2023-03-20

CVE-2022-43663: An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network…

PriorityP264critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
14.04%
96.1th percentile
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

Affected

1 ranges
VendorProductVersion rangeFixed in
wellintechkinghistorian

Detection & IOCsextracted from sources · hover to see the quote

filenameSORBAx64.dll
snort
61093
  • Target the RecvPacket function within SORBAx64.dll; exploitation is triggered by a specially crafted network packet causing a signed-to-unsigned integer conversion error leading to buffer overflow.
  • Exploitation is remotely triggered with low attack complexity and no authentication required; monitor for anomalous network packets targeting KingHistorian services.
  • Use Snort rule 61093 for detection; check Cisco Secure Firewall Management Center or Snort.org for the latest rule updates.
  • ·Vulnerability is confirmed only in KingHistorian version 35.01.00.05; other versions are not confirmed affected.
  • ·Public exploits are available for this vulnerability, elevating urgency for detection and patching.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.