Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Cisco Talos researchers found two high-severity vulnerabilities in WellinTech’s KingHistorian industrial data historian software.

Cisco’s Talos threat intelligence and research unit this week disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech’s KingHistorian industrial data historian software.

China-based industrial automation software company WellinTech designed KingHistorian for collecting and processing a ‘massive amount’ of industrial control system (ICS) data. 

Talos researchers discovered that the historian is impacted by two flaws. One of them, tracked as CVE-2022-45124, can allow an attacker who can intercept an authentication packet to obtain the username and password of the legitimate user who logged in to the system. 

[ Read: Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms ]

The second issue, CVE-2022-43663, can be exploited by sending a specially crafted network packet that triggers a buffer overflow. It’s unclear if the flaw can be exploited for arbitrary code execution or only to crash the process.

The vendor was informed about the security holes in December 2022 and released patches earlier this month. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta
www.icscybersecurityconference.com

Cisco has not shared any information on the real world impact resulting from the potential exploitation of these vulnerabilities, but based on previous reports from cybersecurity companies, compromising a historian could be very useful to threat actors.

In January, industrial security firm Claroty disclosed several vulnerabilities found by its researchers in the GE Digital Proficy Historian product. The company warned at the time that the flaws could be exploited for espionage or to cause damage and disruption in industrial environments.

Historian servers can provide access to both IT and OT systems, allowing hackers to leverage compromised devices to gain access to valuable information or move to other systems on the network. 

Advertisement. Scroll to continue reading.

Related: Vulnerability in ABB Plant Historian Disclosed 5 Years After Discovery

Related: Siemens Drives Rise in ICS Vulnerabilities Discovered in 2022

Related: ICS Vulnerabilities Chained for Deep Lateral Movement and Physical Damage 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.