Tuesday, January 11, 2011

DHS ICS-CERT Reports WellinTech Vulnerability

Earlier today the DHS Industrial Control Systems Cyber Emergency Response Team issued an alert about a reported vulnerability in WellinTech KingView v6.3. The publicly reported buffer overflow vulnerability would allow a remote attacker to crash an affected application or execute arbitrary code.

DHS reports that it has not confirmed the vulnerability but is reporting it because alleged exploit code is publicly available. I have seen this vulnerability discussed on a couple of different sites (sorry, I failed to copy pages or links) and I understand that the researcher who discovered the vulnerability tried to report it to WellinTech, a Chinese company, but received no response. The researcher went public this last weekend.
