Cyber Resilience

CVE-2022-43663

High · Public PoC

Published: 20 March 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1681 (95.1th percentile)
Risk Priority: 26 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-43663 is a high-severity Signed to Unsigned Conversion Error (CWE-195) vulnerability in WellinTech KingHistorian. Its CVSS base score is 8.1 (High).

Operationally, it ranks in the top 4.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. The flaw, tracked as CVE-2022-43663 and also associated with CWE-195 and CWE-681, allows a specially crafted network packet to trigger a buffer overflow.

An unauthenticated remote attacker can send a malicious packet to exploit the issue. Successful exploitation has a high impact on confidentiality, integrity, and availability. The CVSS 8.1 score reflects a network attack vector with high attack complexity and no privileges or user interaction required.

Advisories from Talos Intelligence detail the vulnerability at the provided reference URLs. The EPSS score reached a peak of 0.2612 on 2026-03-17 before receding to the current value of 0.1681.

EU & UK References

Vulnerability details

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: wellintech
Product: kinghistorian
Version: 35.01.00.05

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References