EUVD-2022-48041

Malicious code in bioql PyPI...

CVE-2012-2559

WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer write via a crafted packet to TCP port 5678...

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-45124

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability...

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...

WellinTech KingHistorian

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: WellinTech Equipment: KingHistorian Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Signed to Unsigned Conversion Error 2. RISK EVALUATION...

The vulnerability of the SORBAx64.dll database, which is used for receiving and analyzing data in industrial control systems managed by KingHistorian, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the SORBAx64.dll database, which is used for receiving and analyzing data in industrial control systems like KingHistorian, is related to type conversion errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

Vulnerability Spotlight: WellinTech ICS platform vulnerable to information disclosure, buffer overflow vulnerabilities

Carl Hurd of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two vulnerabilities in WellinTechs KingHistorian industrial control systems data manager. KingHistorian is a time-series database that allows users to ingest and process large amounts of data from ICS,...

CVE-2022-45124

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability...

CVE-2022-45124

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability...

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

Information disclosure

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability...

Design/Logic Flaw

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-43663

Summary: CVE-2022-43663 is an integer conversion vulnerability in WellinTech KingHistorian 35.01.00.05, affecting the RecvPacket function of SORBAx64.dll and capable of causing a buffer overflow via a specially crafted network packet. Cisco Talos details the underlying issue in the RecvPacket han...

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-43663

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...

CVE-2022-45124

CVE-2022-45124 affects WellinTech KingHistorian 35.01.00.05. Cisco Talos reports an information-disclosure vulnerability in the User authentication path: if an attacker captures an authentication packet, they can recover the username and password, exposing sensitive data. CVSSv3.1 base score 7.5 ...

CVE-2022-45124

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability...

PT-2023-14612 · Wellintech · Kinghistorian

Name of the Vulnerable Software and Affected Versions: WellinTech KingHistorian version 35.01.00.05 Description: An information disclosure issue exists in the User authentication functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can...