"High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian"

Security researchers at Cisco's Talos threat intelligence and research unit recently disclosed the details of two high-severity vulnerabilities discovered last year in WellinTech's KingHistorian industrial data historian software.  China-based industrial automation software company WellinTech designed KingHistorian for collecting and processing a "massive amount" of industrial control system (ICS) data.  The researchers discovered that the historian is impacted by two flaws.  One of them tracked as CVE-2022-45124, can allow an attacker who can intercept an authentication packet to obtain the username and password of the legitimate user who logged in to the system.  The second issue, CVE-2022-43663, can be exploited by sending a specially crafted network packet that triggers a buffer overflow.  The researchers noted that it is unclear if the flaw can be exploited for arbitrary code execution or only to crash the process.  The vendor was informed about the security holes in December 2022 and released patches earlier this month. 

SecurityWeek reports: "High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian"