Vulnerabilities related to wellintech - kinggraphic
var-201401-0054
Vulnerability from variot
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event. Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130. Authentication to this service is performed locally through the KAEClientManager console, but no authentication is performed against remote connections. A remote attacker with knowledge of the protocol can use this to disclose certain credentials and log in to the Oracle database as a legitimate user. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Multiple WellinTech products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Note that this text is aggregated from several source databases, which is why the stated impact ranges from credential disclosure to arbitrary code execution; the per-source CVSS entries in the record below differ accordingly.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0054", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "kingscada", "scope": "eq", "trust": 1.2, "vendor": "wellintech", "version": "3.1" }, { "model": "kinggraphic", "scope": "eq", "trust": 1.2, "vendor": "wellintech", "version": "3.1" }, { "model": "kingscada", "scope": "lte", "trust": 1.0, "vendor": 
"wellintech", "version": "3.1" }, { "model": "kingalarm\\\u0026event", "scope": "lte", "trust": 1.0, "vendor": "wellintech", "version": "2.0.2" }, { "model": "kinggraphic", "scope": "lte", "trust": 1.0, "vendor": "wellintech", "version": "3.1" }, { "model": "kingalarm\u0026event", "scope": "lt", "trust": 0.8, "vendor": "wellintech", "version": "3.1" }, { "model": "kinggraphic", "scope": "lt", "trust": 0.8, "vendor": "wellintech", "version": "3.1.2" }, { "model": "kingscada", "scope": "lt", "trust": 0.8, "vendor": "wellintech", "version": "3.1.2" }, { "model": "kingalarm \u0026 event", "scope": null, "trust": 0.7, "vendor": "wellintech", "version": null }, { "model": "kingalarm\u0026event", "scope": "eq", "trust": 0.6, "vendor": "wellintech", "version": "2.0.2" }, { "model": "kingalarm\\\u0026event", "scope": "eq", "trust": 0.6, "vendor": "wellintech", "version": "2.0.2" }, { "model": "kingscada", "scope": "eq", "trust": 0.3, "vendor": "wellintech", "version": "3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "kingalarm event", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "kinggraphic", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "kingscada", "version": "*" } ], "sources": [ { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "BID", "id": "64938" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "CNNVD", "id": "CNNVD-201401-297" }, { "db": "NVD", "id": "CVE-2013-2826" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:wellintech:kingalarm%26event", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:wellintech:kinggraphic", "vulnerable": true }, { "cpe22Uri": "cpe:/a:wellintech:kingscada", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001175" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Andrea Micalizzi aka rgod", "sources": [ { "db": "ZDI", "id": "ZDI-14-012" } ], "trust": 0.7 }, "cve": "CVE-2013-2826", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2013-2826", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2013-2826", "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": 
null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-00423", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "4c53be94-2352-11e6-abef-000c29c66e3d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-2826", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2013-2826", "trust": 0.8, "value": "Medium" }, { "author": "ZDI", "id": "CVE-2013-2826", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-00423", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201401-297", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "CNNVD", "id": "CNNVD-201401-297" }, { "db": "NVD", "id": "CVE-2013-2826" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "WellinTech KingSCADA 
before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm\u0026Event. Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130. Authentication to this service is performed locally through the KAEClientManager console but no authentication is performed against remote connections. A remote attacker with knowledge of the protocol can use this to disclose certain credentials and login to the Oracle database as a legitimate user. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Wait. Multiple WellinTech products are prone to an information-disclosure vulnerability. 
\nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks", "sources": [ { "db": "NVD", "id": "CVE-2013-2826" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "BID", "id": "64938" }, { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2826", "trust": 4.2 }, { "db": "ICS CERT", "id": "ICSA-13-344-01", "trust": 3.0 }, { "db": "BID", "id": "64938", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-00423", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201401-297", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-001175", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-1553", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-012", "trust": 0.7 }, { "db": "SECUNIA", "id": "56443", "trust": 0.6 }, { "db": "IVD", "id": "4C53BE94-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "BID", "id": "64938" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "CNNVD", "id": "CNNVD-201401-297" }, { "db": "NVD", "id": "CVE-2013-2826" } ] }, "id": "VAR-201401-0054", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00423" } ], "trust": 1.4583333333333335 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00423" } ] }, "last_update_date": "2024-08-14T14:27:56.069000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.wellintech.com/" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.wellintech.co.jp/" }, { "title": "WellinTech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" }, { "title": "Patch of multiple WellinTech products ActiveX Remote Information Disclosure Vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/42548" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "NVD", "id": "CVE-2013-2826" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-344-01" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2826" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2826" }, { "trust": 0.6, "url": "http://secunia.com/advisories/56443/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "CNNVD", "id": "CNNVD-201401-297" }, { "db": "NVD", "id": "CVE-2013-2826" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-012" }, { "db": "CNVD", "id": "CNVD-2014-00423" }, { "db": "BID", "id": "64938" }, { "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "db": "CNNVD", "id": "CNNVD-201401-297" }, { "db": "NVD", "id": "CVE-2013-2826" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-17T00:00:00", "db": "IVD", "id": "4c53be94-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-02-05T00:00:00", "db": "ZDI", "id": "ZDI-14-012" }, { "date": "2014-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-00423" }, { "date": "2014-01-14T00:00:00", "db": "BID", "id": "64938" }, { "date": "2014-01-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001175" }, { "date": "2014-01-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-297" }, { "date": "2014-01-15T16:08:18.140000", "db": "NVD", "id": "CVE-2013-2826" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-02-05T00:00:00", "db": "ZDI", "id": "ZDI-14-012" }, { "date": "2014-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-00423" }, { "date": "2014-02-05T17:45:00", "db": "BID", "id": "64938" }, { "date": "2014-01-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001175" 
}, { "date": "2014-01-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-297" }, { "date": "2014-01-16T17:18:57.317000", "db": "NVD", "id": "CVE-2013-2826" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201401-297" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural WellinTech Vulnerabilities that can bypass access restrictions in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001175" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201401-297" } ], "trust": 0.6 } }
var-201401-0055
Vulnerability from variot
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kxClientDownload.ocx ActiveX control. An attacker can leverage this vulnerability to execute code under the context of the administrator. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Multiple WellinTech products are prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0055", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "kingscada", "scope": "eq", "trust": 1.2, "vendor": "wellintech", "version": "3.1" }, { "model": "kinggraphic", "scope": "eq", "trust": 1.2, "vendor": "wellintech", "version": "3.1" }, { "model": "kingscada", "scope": "lte", "trust": 1.0, "vendor": 
"wellintech", "version": "3.1" }, { "model": "kingalarm\\\u0026event", "scope": "lte", "trust": 1.0, "vendor": "wellintech", "version": "2.0.2" }, { "model": "kinggraphic", "scope": "lte", "trust": 1.0, "vendor": "wellintech", "version": "3.1" }, { "model": "kingalarm\u0026event", "scope": "lt", "trust": 0.8, "vendor": "wellintech", "version": "3.1" }, { "model": "kinggraphic", "scope": "lt", "trust": 0.8, "vendor": "wellintech", "version": "3.1.2" }, { "model": "kingscada", "scope": "lt", "trust": 0.8, "vendor": "wellintech", "version": "3.1.2" }, { "model": "kingscada kinggraphic", "scope": null, "trust": 0.7, "vendor": "wellintech", "version": null }, { "model": "kingalarm\u0026event", "scope": "eq", "trust": 0.6, "vendor": "wellintech", "version": "2.0.2" }, { "model": "kingalarm\\\u0026event", "scope": "eq", "trust": 0.6, "vendor": "wellintech", "version": "2.0.2" }, { "model": "kingscada", "scope": "eq", "trust": 0.3, "vendor": "wellintech", "version": "3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "kingalarm event", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "kinggraphic", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "kingscada", "version": "*" } ], "sources": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": "CNVD-2014-00422" }, { "db": "BID", "id": "64941" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "CNNVD", "id": "CNNVD-201401-298" }, { "db": "NVD", "id": "CVE-2013-2827" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:wellintech:kingalarm%26event", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:wellintech:kinggraphic", "vulnerable": true }, { "cpe22Uri": "cpe:/a:wellintech:kingscada", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001176" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Andrea Micalizzi aka rgod", "sources": [ { "db": "ZDI", "id": "ZDI-14-011" } ], "trust": 0.7 }, "cve": "CVE-2013-2827", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2013-2827", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-00422", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { 
"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "4c4faa70-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-2827", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2013-2827", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2013-2827", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-00422", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201401-298", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": "CNVD-2014-00422" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "CNNVD", "id": "CNNVD-201401-298" }, { "db": "NVD", "id": "CVE-2013-2827" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the kxClientDownload.ocx ActiveX control. 
An attacker can leverage this vulnerability to execute code under the context of the administrator. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Multiple WellinTech products are prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Failed exploit attempts will likely result in denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2013-2827" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": "CNVD-2014-00422" }, { "db": "BID", "id": "64941" }, { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" } ], "trust": 3.24 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-2827", "trust": 4.2 }, { "db": "ICS CERT", "id": "ICSA-13-344-01", "trust": 3.0 }, { "db": "BID", "id": "64941", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2014-00422", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201401-298", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-001176", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-1552", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-011", "trust": 0.7 }, { "db": "SECUNIA", "id": "56443", "trust": 0.6 }, { "db": "IVD", "id": "4C4FAA70-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": "CNVD-2014-00422" }, { "db": "BID", "id": "64941" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "CNNVD", "id": "CNNVD-201401-298" }, { "db": "NVD", "id": 
"CVE-2013-2827" } ] }, "id": "VAR-201401-0055", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00422" } ], "trust": 1.4583333333333335 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-00422" } ] }, "last_update_date": "2024-08-14T14:27:56.110000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.wellintech.com/" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.wellintech.co.jp/" }, { "title": "WellinTech has issued an update to correct this vulnerability.", "trust": 0.7, "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" }, { "title": "Patch of multiple WellinTech product ActiveX remote code execution vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/42551" }, { "title": "KingGraphic3.1.2_EN", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47598" }, { "title": "KingAlarm\u0026Event3.1_EN", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47597" }, { "title": "KingSCADA3.1.2_EN", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47596" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": 
"CNVD-2014-00422" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "CNNVD", "id": "CNNVD-201401-298" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "NVD", "id": "CVE-2013-2827" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-344-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2827" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2827" }, { "trust": 0.6, "url": "http://secunia.com/advisories/56443/" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": "CNVD-2014-00422" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "CNNVD", "id": "CNNVD-201401-298" }, { "db": "NVD", "id": "CVE-2013-2827" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-011" }, { "db": "CNVD", "id": "CNVD-2014-00422" }, { "db": "BID", "id": "64941" }, { "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "db": "CNNVD", "id": "CNNVD-201401-298" }, { "db": "NVD", "id": "CVE-2013-2827" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-17T00:00:00", "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "date": "2014-02-05T00:00:00", "db": "ZDI", "id": 
"ZDI-14-011" }, { "date": "2014-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-00422" }, { "date": "2014-01-14T00:00:00", "db": "BID", "id": "64941" }, { "date": "2014-01-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "date": "2014-01-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-298" }, { "date": "2014-01-15T16:08:18.173000", "db": "NVD", "id": "CVE-2013-2827" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-02-05T00:00:00", "db": "ZDI", "id": "ZDI-14-011" }, { "date": "2014-01-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-00422" }, { "date": "2014-08-01T01:11:00", "db": "BID", "id": "64941" }, { "date": "2014-01-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001176" }, { "date": "2014-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-298" }, { "date": "2014-01-16T17:21:02.680000", "db": "NVD", "id": "CVE-2013-2827" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201401-298" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural WellinTech Product ActiveX Any in control DLL Code download vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001176" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Code injection", "sources": [ { "db": "IVD", "id": "4c4faa70-2352-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201401-298" } ], "trust": 0.8 } }
CVE-2013-2826 (GCVE-0-2013-2826)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:52:20.967Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-15T16:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2826", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2826", "datePublished": "2014-01-15T16:00:00", "dateReserved": "2013-04-11T00:00:00", "dateUpdated": "2024-08-06T15:52:20.967Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2827 (GCVE-0-2013-2827)
Vulnerability from cvelistv5
- n/a
URL | Tags |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:52:20.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-14T00:00:00", "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-01-15T16:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ] } } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2827", "datePublished": "2014-01-15T16:00:00", "dateReserved": "2013-04-11T00:00:00", "dateUpdated": "2024-08-06T15:52:20.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 | Patch, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
wellintech | kingalarm\&event | * | |
wellintech | kinggraphic | * | |
wellintech | kingscada | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wellintech:kingalarm\\\u0026event:*:*:*:*:*:*:*:*", "matchCriteriaId": "300D5A7D-D07F-43CF-BE26-31A6BE788628", "versionEndIncluding": "2.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:wellintech:kinggraphic:*:*:*:*:*:*:*:*", "matchCriteriaId": "507960DD-82AA-4314-B85F-D2C79EBB3350", "versionEndIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:wellintech:kingscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE5B1C33-BAB3-4354-B199-B6D7404EF1B6", "versionEndIncluding": "3.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130." }, { "lang": "es", "value": "WellinTech KingSCADA anteriores a 3.1.2, KingAlarm Event anteriores a 3.1, y KingGraphic anteriores a 3.1.2 realizan autenticaci\u00f3n en la consola KAEClientManager en lugar de en el servidor, lo cual permite a atacantes remotos sortear restricciones de acceso y descubrir credenciales a trav\u00e9s de paquetes manipulados en el puerto 8130." 
} ], "id": "CVE-2013-2826", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-15T16:08:18.140", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
ics-cert@hq.dhs.gov | http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 | Patch, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 | Patch, US Government Resource |
Vendor | Product | Version | |
---|---|---|---|
wellintech | kingalarm\&event | * | |
wellintech | kinggraphic | * | |
wellintech | kingscada | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:wellintech:kingalarm\\\u0026event:*:*:*:*:*:*:*:*", "matchCriteriaId": "300D5A7D-D07F-43CF-BE26-31A6BE788628", "versionEndIncluding": "2.0.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:wellintech:kinggraphic:*:*:*:*:*:*:*:*", "matchCriteriaId": "507960DD-82AA-4314-B85F-D2C79EBB3350", "versionEndIncluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:wellintech:kingscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE5B1C33-BAB3-4354-B199-B6D7404EF1B6", "versionEndIncluding": "3.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value." }, { "lang": "es", "value": "Un control ActiveX no especificado en WellinTech KingSCADA anteriores a 3.1.2, KingAlarm Event anteriores a 3.1, y KingGraphic anteriores a 3.1.2 permite a atacantes remotos descargar c\u00f3digo DLL arbitrariamente en una m\u00e1quina cliente y ejecutar dicho c\u00f3digo a trav\u00e9s de la propiedad ProjectURL." 
} ], "id": "CVE-2013-2827", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-15T16:08:18.173", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Patch", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }