var-201310-0626
Vulnerability from variot
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack. Kingview is the first SCADA product launched by Asia Control for small and medium-sized projects for monitoring and controlling automation equipment and processes. WellinTech KingView ActiveX has multiple arbitrary file coverage vulnerabilities. Because the program fails to properly filter user input, an attacker can exploit the vulnerability to save arbitrary files on the affected application context computer. WellinTech KingView is prone to multiple insecure-method vulnerabilities because it fails to properly sanitize user-supplied input. KingView 6.53 is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0626",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kingview",
"scope": "lte",
"trust": 1.0,
"vendor": "wellintech",
"version": "6.52"
},
{
"model": "kingview",
"scope": "eq",
"trust": 0.9,
"vendor": "wellintech",
"version": "6.53"
},
{
"model": "kingview",
"scope": "lt",
"trust": 0.8,
"vendor": "wellintech",
"version": "6.53 (kchartxy.ocx 65.30.30000.10002 )"
},
{
"model": "kingview",
"scope": "eq",
"trust": 0.6,
"vendor": "wellintech",
"version": "6.52"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "BID",
"id": "62419"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wellintech:kingview",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blake",
"sources": [
{
"db": "BID",
"id": "62419"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
}
],
"trust": 0.9
},
"cve": "CVE-2013-6128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-6128",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13162",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6128",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-6128",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-13162",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-514",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack. Kingview is the first SCADA product launched by Asia Control for small and medium-sized projects for monitoring and controlling automation equipment and processes. WellinTech KingView ActiveX has multiple arbitrary file coverage vulnerabilities. Because the program fails to properly filter user input, an attacker can exploit the vulnerability to save arbitrary files on the affected application context computer. WellinTech KingView is prone to multiple insecure-method vulnerabilities because it fails to properly sanitize user-supplied input. \nKingView 6.53 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6128"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "BID",
"id": "62419"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6128",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-13-295-01",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "28085",
"trust": 1.6
},
{
"db": "BID",
"id": "62419",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902",
"trust": 0.8
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-13-256-01",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-13162",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "BID",
"id": "62419"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"id": "VAR-201310-0626",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
}
],
"trust": 1.1748105999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
}
]
},
"last_update_date": "2024-11-23T22:08:28.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://en.wellintech.com/"
},
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.wellintech.co.jp/"
},
{
"title": "WellinTech KingView ActiveX has multiple patches for arbitrary file coverage vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67162"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-295-01"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/28085/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6128"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6128"
},
{
"trust": 0.6,
"url": "http://ics-cert.us-cert.gov/alerts/ics-alert-13-256-01"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62419"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"db": "BID",
"id": "62419"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"date": "2013-09-04T00:00:00",
"db": "BID",
"id": "62419"
},
{
"date": "2013-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"date": "2013-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"date": "2013-10-25T20:55:03.517000",
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13162"
},
{
"date": "2013-10-23T00:37:00",
"db": "BID",
"id": "62419"
},
{
"date": "2013-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004902"
},
{
"date": "2013-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-514"
},
{
"date": "2024-11-21T01:58:44.483000",
"db": "NVD",
"id": "CVE-2013-6128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WellinTech KingView of KChartXY.ocx Vulnerable to arbitrary file generation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004902"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-514"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…