Signature Detail

SCADA: WellinTech KingSCADA kxNetDispose.dll Stack Buffer Overflow

This signature detects attempts to exploit a known vulnerability against WellinTech KingSCADA. The vulnerability is due to insufficient validation on the size of the data. The vulnerable module is kxNetDispose.dll. The vulnerability, if exploited, results in the overwriting of the structured exception handler (SEH) in the AEserver.exe process listening on port 12401/TCP. A remote unauthenticated attacker could exploit this vulnerability by sending a malicious packet to the KingSCADA server. Successful exploitation could lead to remote code execution under the security context of a privileged system user.

References

• BugTraq: 66709
• CVE: CVE-2014-0787