ID

VAR-201404-0552


CVE

CVE-2014-0787


TITLE

WellinTech KingSCADA Stack Buffer Overflow Vulnerability

Trust: 1.0

sources: IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02211

DESCRIPTION

Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code contained in kxNetDispose.dll. The parent service is called AEserver.exe and listens on port 12401. The process performs arithmetic on a user-supplied value used to determine the size of a copy operation, allowing a potential integer wrap to cause a stack buffer overflow. An unauthenticated attacker can leverage this vulnerability to execute code under the context of the SYSTEM user. The KingSCADA family of products is a Windows-based monitoring and data acquisition application. WellinTech KingSCADA is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Failed attacks will likely cause denial-of-service conditions. KingSCADA versions prior to 3.1.2.13 are vulnerable.

Trust: 3.51

sources: NVD: CVE-2014-0787 // JVNDB: JVNDB-2014-001985 // ZDI: ZDI-14-071 // CNVD: CNVD-2014-02211 // BID: 66709 // IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // VULMON: CVE-2014-0787

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 1.0

sources: IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-02211

AFFECTED PRODUCTS

vendor: wellintech model: kingscada scope: eq version: 3.1

Trust: 1.6

vendor: wellintech model: kingscada scope: - version: -

Trust: 1.3

vendor: wellintech model: kingscada scope: lte version: 3.1.2

Trust: 1.0

vendor: wellintech model: kingscada scope: lt version: 3.1.2.13

Trust: 0.8

vendor: wellintech model: kingscada scope: eq version: 3.1.2

Trust: 0.6

vendor: kingscada model: - scope: eq version: 3.1

Trust: 0.4

vendor: kingscada model: - scope: eq version: *

Trust: 0.4

vendor: wellintech model: kingscada scope: eq version: 3.0

Trust: 0.3

sources: IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // ZDI: ZDI-14-071 // CNVD: CNVD-2014-02211 // BID: 66709 // CNNVD: CNNVD-201404-179 // JVNDB: JVNDB-2014-001985 // NVD: CVE-2014-0787

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov: CVE-2014-0787
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2014-0787
value: HIGH

Trust: 1.0

NVD: CVE-2014-0787
value: HIGH

Trust: 0.8

ZDI: CVE-2014-0787
value: HIGH

Trust: 0.7

CNVD: CNVD-2014-02211
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201404-179
value: CRITICAL

Trust: 0.6

IVD: 16b033d0-2352-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULMON: CVE-2014-0787
value: HIGH

Trust: 0.1

ics-cert@hq.dhs.gov: CVE-2014-0787
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 3.6

CNVD: CNVD-2014-02211
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 16b033d0-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // ZDI: ZDI-14-071 // CNVD: CNVD-2014-02211 // VULMON: CVE-2014-0787 // CNNVD: CNNVD-201404-179 // JVNDB: JVNDB-2014-001985 // NVD: CVE-2014-0787 // NVD: CVE-2014-0787

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.8

problemtype: CWE-121

Trust: 1.0

sources: JVNDB: JVNDB-2014-001985 // NVD: CVE-2014-0787

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-179

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201404-179

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001985

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2014-0787

PATCH

title: Software Download url: http://www.wellintech.com/index.php?option=com_content&view=article&id=56&Itemid=11

Trust: 0.8

title: KingSCADA url: http://www.wellintech.co.jp/KaisyaSeihin.htm#KingSCADA

Trust: 0.8

title: WellinTech has issued an update to correct this vulnerability. url: https://ics-cert.us-cert.gov/advisories/ICSA-14-098-02

Trust: 0.7

title: WellinTech KingSCADA Stack Buffer Overflow Vulnerability Patch url: https://www.cnvd.org.cn/patchInfo/show/44743

Trust: 0.6

title: KingSCADA3.1.2.13_EN url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49249

Trust: 0.6

sources: ZDI: ZDI-14-071 // CNVD: CNVD-2014-02211 // CNNVD: CNNVD-201404-179 // JVNDB: JVNDB-2014-001985

EXTERNAL IDS

db: NVD id: CVE-2014-0787

Trust: 4.5

db: ICS CERT id: ICSA-14-098-02

Trust: 3.1

db: BID id: 66709

Trust: 2.0

db: EXPLOIT-DB id: 42724

Trust: 1.1

db: CNVD id: CNVD-2014-02211

Trust: 1.0

db: CNNVD id: CNNVD-201404-179

Trust: 1.0

db: JVNDB id: JVNDB-2014-001985

Trust: 0.8

db: ZDI_CAN id: ZDI-CAN-1780

Trust: 0.7

db: ZDI id: ZDI-14-071

Trust: 0.7

db: OSVDB id: 105574

Trust: 0.6

db: IVD id: 16B033D0-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD id: 101475FC-1EE0-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULMON id: CVE-2014-0787

Trust: 0.1

sources: IVD: 16b033d0-2352-11e6-abef-000c29c66e3d // IVD: 101475fc-1ee0-11e6-abef-000c29c66e3d // ZDI: ZDI-14-071 // CNVD: CNVD-2014-02211 // VULMON: CVE-2014-0787 // BID: 66709 // CNNVD: CNNVD-201404-179 // JVNDB: JVNDB-2014-001985 // NVD: CVE-2014-0787

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-14-098-02

Trust: 3.9

url:https://www.exploit-db.com/exploits/42724/

Trust: 1.2

url:http://www.securityfocus.com/bid/66709

Trust: 1.1

url:http://www.wellintech.com/index.php?option=com_content&view=article&id=56&itemid=11

Trust: 1.0

url:https://www.cisa.gov/news-events/ics-advisories/icsa-14-098-02

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0787

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0787

Trust: 0.8

url:http://osvdb.com/show/osvdb/105574

Trust: 0.6

url:http://en.wellintech.com/products/detail.aspx?contentid=14

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=33710

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-14-071 // CNVD: CNVD-2014-02211 // VULMON: CVE-2014-0787 // BID: 66709 // CNNVD: CNNVD-201404-179 // JVNDB: JVNDB-2014-001985 // NVD: CVE-2014-0787

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-14-071

SOURCES

db: IVD id: 16b033d0-2352-11e6-abef-000c29c66e3d
db: IVD id: 101475fc-1ee0-11e6-abef-000c29c66e3d
db: ZDI id: ZDI-14-071
db: CNVD id: CNVD-2014-02211
db: VULMON id: CVE-2014-0787
db: BID id: 66709
db: CNNVD id: CNNVD-201404-179
db: JVNDB id: JVNDB-2014-001985
db: NVD id: CVE-2014-0787

LAST UPDATE DATE

2025-09-26T23:51:06.352000+00:00


SOURCES UPDATE DATE

db: ZDI id: ZDI-14-071 date: 2014-04-10T00:00:00
db: CNVD id: CNVD-2014-02211 date: 2014-04-11T00:00:00
db: VULMON id: CVE-2014-0787 date: 2017-09-17T00:00:00
db: BID id: 66709 date: 2014-08-01T00:22:00
db: CNNVD id: CNNVD-201404-179 date: 2014-04-15T00:00:00
db: JVNDB id: JVNDB-2014-001985 date: 2014-04-15T00:00:00
db: NVD id: CVE-2014-0787 date: 2025-09-25T18:15:36.003

SOURCES RELEASE DATE

db: IVD id: 16b033d0-2352-11e6-abef-000c29c66e3d date: 2014-04-11T00:00:00
db: IVD id: 101475fc-1ee0-11e6-abef-000c29c66e3d date: 2014-04-11T00:00:00
db: ZDI id: ZDI-14-071 date: 2014-04-10T00:00:00
db: CNVD id: CNVD-2014-02211 date: 2014-04-11T00:00:00
db: VULMON id: CVE-2014-0787 date: 2014-04-12T00:00:00
db: BID id: 66709 date: 2014-04-08T00:00:00
db: CNNVD id: CNNVD-201404-179 date: 2014-04-15T00:00:00
db: JVNDB id: JVNDB-2014-001985 date: 2014-04-15T00:00:00
db: NVD id: CVE-2014-0787 date: 2014-04-12T04:37:31.737