Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software.

Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.

China-based industrial automation software company WellinTech designed KingHistorian for collecting and processing a ‘massive amount’ of industrial control system (ICS) data. 

Talos researchers discovered that the historian is impacted by two flaws. One of them, tracked as CVE-2022-45124, can allow an attacker who can intercept an authentication packet to obtain the username and password of the legitimate user who logged in to the system. 

[ Read: Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms ]

The second issue, CVE-2022-43663, can be exploited by sending a specially crafted network packet that triggers a buffer overflow. It’s unclear if the flaw can be exploited for arbitrary code execution or only to crash the process.

The vendor was informed about the security holes in December 2022 and released patches earlier this month. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Cisco has not shared any information on the real world impact resulting from the potential exploitation of these vulnerabilities, but based on previous reports from cybersecurity companies, compromising a historian could be very useful to threat actors.

In January, industrial security firm Claroty disclosed several vulnerabilities found by its researchers in the GE Digital Proficy Historian product. The company warned at the time that the flaws could be exploited for espionage or to cause damage and disruption in industrial environments.

Advertisement. Scroll to continue reading.

Historian servers can provide access to both IT and OT systems, allowing hackers to leverage compromised devices to gain access to valuable information or move to other systems on the network. 

Related: Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery

Related: Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022

Related: ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...