var-201401-0054
Vulnerability from variot
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event. Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130. Authentication to this service is performed locally through the KAEClientManager console but no authentication is performed against remote connections. A remote attacker with knowledge of the protocol can use this to disclose certain credentials and login to the Oracle database as a legitimate user. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Wait. Multiple WellinTech products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kingscada",
"scope": "eq",
"trust": 1.2,
"vendor": "wellintech",
"version": "3.1"
},
{
"model": "kinggraphic",
"scope": "eq",
"trust": 1.2,
"vendor": "wellintech",
"version": "3.1"
},
{
"model": "kingscada",
"scope": "lte",
"trust": 1.0,
"vendor": "wellintech",
"version": "3.1"
},
{
"model": "kingalarm\\\u0026event",
"scope": "lte",
"trust": 1.0,
"vendor": "wellintech",
"version": "2.0.2"
},
{
"model": "kinggraphic",
"scope": "lte",
"trust": 1.0,
"vendor": "wellintech",
"version": "3.1"
},
{
"model": "kingalarm\u0026event",
"scope": "lt",
"trust": 0.8,
"vendor": "wellintech",
"version": "3.1"
},
{
"model": "kinggraphic",
"scope": "lt",
"trust": 0.8,
"vendor": "wellintech",
"version": "3.1.2"
},
{
"model": "kingscada",
"scope": "lt",
"trust": 0.8,
"vendor": "wellintech",
"version": "3.1.2"
},
{
"model": "kingalarm \u0026 event",
"scope": null,
"trust": 0.7,
"vendor": "wellintech",
"version": null
},
{
"model": "kingalarm\u0026event",
"scope": "eq",
"trust": 0.6,
"vendor": "wellintech",
"version": "2.0.2"
},
{
"model": "kingalarm\\\u0026event",
"scope": "eq",
"trust": 0.6,
"vendor": "wellintech",
"version": "2.0.2"
},
{
"model": "kingscada",
"scope": "eq",
"trust": 0.3,
"vendor": "wellintech",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "kingalarm event",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "kinggraphic",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "kingscada",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "BID",
"id": "64938"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wellintech:kingalarm%26event",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:wellintech:kinggraphic",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:wellintech:kingscada",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi aka rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-012"
}
],
"trust": 0.7
},
"cve": "CVE-2013-2826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-2826",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-2826",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00423",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4c53be94-2352-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2826",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-2826",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2013-2826",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-00423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-297",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WellinTech KingSCADA before 3.1.2, KingAlarm\u0026Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm\u0026Event. Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130. Authentication to this service is performed locally through the KAEClientManager console but no authentication is performed against remote connections. A remote attacker with knowledge of the protocol can use this to disclose certain credentials and login to the Oracle database as a legitimate user. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Wait. Multiple WellinTech products are prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2826"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "BID",
"id": "64938"
},
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2826",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-13-344-01",
"trust": 3.0
},
{
"db": "BID",
"id": "64938",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2014-00423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-297",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1553",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-012",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "56443",
"trust": 0.6
},
{
"db": "IVD",
"id": "4C53BE94-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "BID",
"id": "64938"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"id": "VAR-201401-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
}
],
"trust": 1.4583333333333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
}
]
},
"last_update_date": "2024-08-14T14:27:56.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.wellintech.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.wellintech.co.jp/"
},
{
"title": "WellinTech has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01"
},
{
"title": "Patch of multiple WellinTech products ActiveX Remote Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/42548"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-344-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2826"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2826"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56443/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"db": "BID",
"id": "64938"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-17T00:00:00",
"db": "IVD",
"id": "4c53be94-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2014-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"date": "2014-01-14T00:00:00",
"db": "BID",
"id": "64938"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"date": "2014-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"date": "2014-01-15T16:08:18.140000",
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-05T00:00:00",
"db": "ZDI",
"id": "ZDI-14-012"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00423"
},
{
"date": "2014-02-05T17:45:00",
"db": "BID",
"id": "64938"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001175"
},
{
"date": "2014-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-297"
},
{
"date": "2014-01-16T17:18:57.317000",
"db": "NVD",
"id": "CVE-2013-2826"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WellinTech Vulnerabilities that can bypass access restrictions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001175"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-297"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…