CVE-2022-43663
Published: 20 March 2023
Summary
CVE-2022-43663 is a high-severity Signed to Unsigned Conversion Error (CWE-195) vulnerability in Wellintech Kinghistorian. Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 4.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. The flaw, tracked as CVE-2022-43663 and also associated with CWE-195 and CWE-681, allows a specially crafted network packet to trigger a buffer overflow.
An unauthenticated remote attacker can send a malicious packet to exploit the issue. Successful exploitation has high impact on confidentiality, integrity, and availability; the CVSS 8.1 score reflects a network attack vector combined with high attack complexity.
Advisories from Talos Intelligence detail the vulnerability at the provided reference URLs. The EPSS score reached a peak of 0.2612 on 2026-03-17 before receding to the current value of 0.1681.
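To show the CWE-195 pattern behind this bug class, here is an added example that is not KingHistorian or SORBAx64.dll code (the real RecvPacket internals and wire format are not described on this page): a hypothetical packet receiver whose signed length check lets a negative length through, beside a hardened version that parses the length as unsigned and bounds it by both the destination buffer and the bytes actually received.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_PAYLOAD 64   /* constructed fixed-size receive buffer */

/* Hypothetical wire format (not the real KingHistorian protocol):
 * a 4-byte little-endian length field followed by the payload. */
static int32_t read_len_le32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                     ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));
}

/* Vulnerable pattern (CWE-195): the length is held in a signed int and only
 * the upper bound is checked. A negative length passes the check and is
 * converted to a huge size_t at the memcpy call. This version returns the
 * byte count that would reach memcpy instead of performing the copy. */
size_t recv_packet_vulnerable(const uint8_t *pkt, size_t pkt_len) {
    if (pkt_len < 4) return 0;
    int32_t len = read_len_le32(pkt);
    if (len > MAX_PAYLOAD) return 0;   /* -1 is not > 64, so it slips through */
    return (size_t)len;                /* -1 becomes SIZE_MAX */
}

/* Hardened version: parse as unsigned, bound by both the destination buffer
 * and the bytes actually received, and only then copy. Returns the number
 * of bytes copied, or 0 when the packet is rejected. */
size_t recv_packet_fixed(const uint8_t *pkt, size_t pkt_len, uint8_t *dst) {
    if (pkt_len < 4) return 0;
    uint32_t len = (uint32_t)read_len_le32(pkt);
    if (len > MAX_PAYLOAD || len > pkt_len - 4) return 0;
    memcpy(dst, pkt + 4, len);
    return len;
}

/* Convenience wrapper with a local destination buffer. */
size_t recv_packet_fixed_demo(const uint8_t *pkt, size_t pkt_len) {
    uint8_t buf[MAX_PAYLOAD];
    return recv_packet_fixed(pkt, pkt_len, buf);
}

/* Constructed sample packets: a well-formed 3-byte payload, and one whose
 * length field decodes to -1 as a signed int. */
const uint8_t good_pkt[] = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
const uint8_t neg_pkt[]  = { 0xff, 0xff, 0xff, 0xff, 'a', 'b', 'c' };
```

The same negative-length packet yields a copy size of SIZE_MAX from the vulnerable check and a clean rejection from the hardened one.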
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-46658
Vulnerability details
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.