CVE-2012-1977 in Kingview
Summary
by MITRE
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/27/2025
The vulnerability identified as CVE-2012-1977 affects WellinTech KingSCADA 3.0 software, a supervisory control and data acquisition system commonly used in industrial environments for monitoring and controlling industrial processes. This particular flaw represents a critical weakness in the software's credential storage mechanism that directly impacts the security posture of industrial control systems. The vulnerability stems from the improper handling of authentication credentials within the application's user database file, creating an exploitable condition that can lead to unauthorized access to critical system resources.
The technical implementation of this vulnerability involves the storage of user passwords in a cleartext base64 encoded format within the user.db file. This approach violates fundamental security principles for credential storage, as base64 encoding is not encryption but rather a method for encoding binary data into ASCII characters. The cleartext nature of the base64 encoded passwords means that any attacker with access to the user.db file can directly read and decode the credentials without requiring additional cryptographic attacks or brute force attempts. This represents a classic example of weak cryptographic practices and improper credential handling that falls under the scope of CWE-312, which specifically addresses the exposure of sensitive information through cleartext storage of credentials.
The operational impact of this vulnerability extends beyond simple credential theft, as it fundamentally compromises the security model of the industrial control system. In industrial environments, KingSCADA systems often control critical infrastructure including power generation, water treatment, and manufacturing processes where unauthorized access can lead to operational disruptions, safety hazards, or even physical damage. The context-dependent nature of this attack means that an attacker must already have access to the system files, but this access requirement is significantly lower than typical industrial security expectations. Once credentials are obtained, attackers can escalate their privileges and potentially gain full control over the industrial processes monitored by the system, creating a severe risk to operational technology environments.
This vulnerability aligns with several ATT&CK framework techniques including credential access through file system access and privilege escalation. The attack surface is particularly concerning in industrial environments where physical access to system files may be more readily available through legitimate maintenance activities or through social engineering attacks targeting system administrators. The lack of encryption or proper hashing mechanisms in the password storage process means that even if the system implements other security controls, the credential storage mechanism provides an easy path for attackers to bypass these protections. Organizations implementing industrial control systems should consider this vulnerability as part of their overall risk assessment and ensure that proper access controls, file system permissions, and network segmentation are implemented to prevent unauthorized access to critical system files.
The remediation approach for this vulnerability requires immediate implementation of proper credential storage mechanisms that comply with industry standards for password handling. Organizations should transition from cleartext or base64 encoded storage to properly hashed and salted password storage using strong cryptographic algorithms such as bcrypt, scrypt, or PBKDF2. Additionally, system administrators should implement strict file access controls and audit mechanisms to monitor access to sensitive configuration files. The vulnerability also highlights the importance of secure configuration management and regular security assessments of industrial control systems, as many of these systems were not originally designed with modern security practices in mind, making them particularly susceptible to such fundamental implementation flaws.