Lucene search
HistoryJan 15, 2014 - 4:08 p.m.
CVE-2013-2826
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.083
Percentile
94.4%
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.
Affected configurations
Node
wellintechkingalarm\&eventRange≤2.0.2
ORwellintechkinggraphicRange≤3.1
ORwellintechkingscadaRange≤3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wellintech | kingalarm\&event | * | cpe:2.3:a:wellintech:kingalarm\&event:*:*:*:*:*:*:*:* |
| wellintech | kinggraphic | * | cpe:2.3:a:wellintech:kinggraphic:*:*:*:*:*:*:*:* |
| wellintech | kingscada | * | cpe:2.3:a:wellintech:kingscada:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-2826
2014-01-15 16:00:00
prion
prion
Authentication flaw
2014-01-15 16:08:00
zdi
zdi
cve
cve
CVE-2013-2826
2014-01-15 16:08:18
ics
ics
WellinTech Vulnerabilities
2018-09-06 12:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.083
Percentile
94.4%
Related for NVD:CVE-2013-2826