var-201210-0353
Vulnerability from variot
WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. KingView is a product for building a data information service platform for industrial automation. Wellintech KingView has a default authentication credential that an attacker could use to log in to the application for unauthorized access using this undocumented default user. WellinTech KingView is prone to an unauthorized-access vulnerability due to a backdoor in all versions of the application. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201210-0353",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kingview",
"scope": "eq",
"trust": 2.5,
"vendor": "wellintech",
"version": "65.30.17249"
},
{
"model": "kingview",
"scope": "eq",
"trust": 2.5,
"vendor": "wellintech",
"version": "65.30.2010.18018"
},
{
"model": "kingview",
"scope": "eq",
"trust": 1.6,
"vendor": "wellintech",
"version": "6.5.30.2010.18018"
},
{
"model": "kingview",
"scope": "eq",
"trust": 1.6,
"vendor": "wellintech",
"version": "3.0"
},
{
"model": "kingview",
"scope": "eq",
"trust": 1.6,
"vendor": "wellintech",
"version": "6.52"
},
{
"model": "kingview",
"scope": "eq",
"trust": 1.5,
"vendor": "wellintech",
"version": "6.53"
},
{
"model": "kingview",
"scope": "lte",
"trust": 1.0,
"vendor": "wellintech",
"version": "6.53"
},
{
"model": "kingview",
"scope": "lte",
"trust": 0.8,
"vendor": "wellintech",
"version": "6.5.3"
},
{
"model": "kingview",
"scope": "lte",
"trust": 0.6,
"vendor": "wellintech",
"version": "\u003c=6.5.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "kingview",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "kingview",
"version": "6.5.30.2010.18018"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "kingview",
"version": "6.52"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "kingview",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "kingview",
"version": "65.30.2010.18018"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "kingview",
"version": "65.30.17249"
}
],
"sources": [
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"db": "BID",
"id": "54729"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wellintech:kingview",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr. Wesley McGrew of Mississippi State University",
"sources": [
{
"db": "BID",
"id": "54729"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4899",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2012-4899",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4899",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-4899",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201207-595",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. KingView is a product for building a data information service platform for industrial automation. Wellintech KingView has a default authentication credential that an attacker could use to log in to the application for unauthorized access using this undocumented default user. WellinTech KingView is prone to an unauthorized-access vulnerability due to a backdoor in all versions of the application. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4899"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"db": "BID",
"id": "54729"
},
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4899",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-12-283-02",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595",
"trust": 1.0
},
{
"db": "BID",
"id": "54729",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-5742",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-4033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920",
"trust": 0.8
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-12-212-02",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47148",
"trust": 0.6
},
{
"db": "IVD",
"id": "4FBF6582-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "79960DF6-1F5D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"db": "BID",
"id": "54729"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"id": "VAR-201210-0353",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
}
],
"trust": 2.1748106
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
}
]
},
"last_update_date": "2024-11-23T22:31:30.231000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "June.27,2012-Patch for KingView6.53",
"trust": 0.8,
"url": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://en.wellintech.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.wellintech.co.jp/"
},
{
"title": "Patch for WellinTech KingView Backdoor Unauthorized Access Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67164"
},
{
"title": "WellinTech KingView weak password algorithm vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/23654"
},
{
"title": "KV20120322-EN",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45073"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-283-02.pdf"
},
{
"trust": 1.0,
"url": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4899"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4899"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-12-212-02.pdf"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47148"
},
{
"trust": 0.3,
"url": "http://www.kingview.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"db": "BID",
"id": "54729"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"db": "BID",
"id": "54729"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-10-12T00:00:00",
"db": "IVD",
"id": "4fbf6582-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-01T00:00:00",
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"date": "2012-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"date": "2012-07-30T00:00:00",
"db": "BID",
"id": "54729"
},
{
"date": "2012-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"date": "2012-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"date": "2012-10-10T18:55:05.550000",
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"date": "2015-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-5742"
},
{
"date": "2015-03-19T08:52:00",
"db": "BID",
"id": "54729"
},
{
"date": "2012-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004920"
},
{
"date": "2020-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-595"
},
{
"date": "2024-11-21T01:43:42.963000",
"db": "NVD",
"id": "CVE-2012-4899"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WellinTech KingView Backdoor unauthorized access vulnerability",
"sources": [
{
"db": "IVD",
"id": "79960df6-1f5d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-4033"
},
{
"db": "BID",
"id": "54729"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
}
],
"trust": 1.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201207-595"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…