WellinTech KingHistorian User Authentication Flaw Explained


WellinTech KingHistorian, a software system that helps analyze data from industrial control systems, has a serious security flaw that could put sensitive information at risk.

According to the latest reports, the vulnerability CVE-2022-45124 affects the user authentication function and reportedly exists in version 35.01.00.05.

According to the Talos vulnerability report, CVE-2022-45124 can be exploited to gain unauthorized access to confidential information. This could lead to data breaches and other security incidents within the WellinTech KingHistorian ecosystem. 

Analysis of the vulnerability found that attackers can exploit a weakness in XDBServer's communication protocol with a carefully crafted network packet. This allows them to intercept and decipher the username and password used for authentication.

Even though the protocol uses encryption and compression to safeguard against plaintext transmission, attackers can still capture the authentication packet and extract all the necessary information to uncover the login credentials.

WellinTech KingHistorian vulnerability explained

This is the second WellinTech KingHistorian-related vulnerability; the first was an integer conversion vulnerability.

According to the reports, the WellinTech KingHistorian vulnerability could allow an attacker to intercept network traffic, especially in scenarios where the traffic is unencrypted or when the attacker has already infiltrated the network.

In this particular vulnerability, the attacker can capture the authentication packet and decode the ciphered password into plaintext form by combining parts of the enc_key.
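Added example, not from the Talos report or WellinTech's code: a toy Python model of the design flaw described above (a captured login packet that carries everything needed to undo its own encryption), next to a challenge-response exchange in which the secret never crosses the wire. The packet layout, the XOR keystream cipher and all function names are assumptions made for illustration; the page does not describe the real wire format.

```python
import hashlib, hmac, os, zlib

# Toy model with a constructed packet layout; NOT XDBServer's wire format.
KEY_LEN = 16

def _xor_stream(data: bytes, key: bytes) -> bytes:
    """Symmetric toy cipher: XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def weak_login_packet(user: str, password: str) -> bytes:
    """Flawed design: the key material rides in the packet it protects."""
    enc_key = os.urandom(KEY_LEN)
    body = zlib.compress(f"{user}\x00{password}".encode())
    return enc_key + _xor_stream(body, enc_key)

def packet_alone_reveals(packet: bytes) -> tuple:
    """Design self-test: what a passive capture of one packet yields."""
    enc_key, ciphertext = packet[:KEY_LEN], packet[KEY_LEN:]
    plain = zlib.decompress(_xor_stream(ciphertext, enc_key)).decode()
    return tuple(plain.split("\x00", 1))

def make_verifier(password: str, salt: bytes) -> bytes:
    """Stored server-side at enrolment; the password itself is not kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def server_challenge() -> bytes:
    return os.urandom(16)  # fresh per login, so a captured response cannot be replayed

def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Hardened direction: prove knowledge of the secret, never transmit it."""
    return hmac.new(make_verifier(password, salt), nonce, hashlib.sha256).digest()

def server_verify(verifier: bytes, nonce: bytes, response: bytes) -> bool:
    expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    pkt = weak_login_packet("operator", "constructed-pass")
    print("weak packet reveals:", packet_alone_reveals(pkt))
    salt, nonce = os.urandom(16), server_challenge()
    ok = server_verify(make_verifier("constructed-pass", salt), nonce,
                       client_response("constructed-pass", salt, nonce))
    print("challenge-response accepted:", ok)
    # Weak passwords remain guessable offline from a captured exchange,
    # so this still belongs inside an authenticated TLS channel.
```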

Experts have classified this vulnerability with a CVSS score of 7.5 out of 10, which highlights the high-severity nature of the vulnerability.

Additionally, the vulnerability has been assigned CWE-200, which relates to the exposure of sensitive information.

On December 16, 2022, Carl Hurd, an expert at Cisco Talos, discovered the vulnerability and immediately reported it to the vendor. The vendor acknowledged and disclosed the vulnerability on December 22 and eventually released a patch on March 17, 2023. Subsequently, the vulnerability was publicly released on March 20, 2023.

To secure themselves against this vulnerability, users of WellinTech KingHistorian are strongly advised to update their software to the latest version.

It is also vital for organizations to implement best practices in network security, such as using strong passwords and applying encryption wherever possible to protect against potential security threats.




