Lucene search
K

59 matches found

Zero Day Initiative
Zero Day Initiative
added 2014/02/05 12:0 a.m.25 views

WellinTech KingSCADA KingAlarm & Event KAEManageServer Information Disclosure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event.; Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130...

7.5CVSS7.2AI score0.01776EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2014/02/05 12:0 a.m.36 views

WellinTech KingScada KingGraphic kxClientDownload ActiveX Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada KingGraphics. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

7.5CVSS3.8AI score0.49235EPSS
Exploits5References1
NVD
NVD
added 2014/01/15 4:8 p.m.17 views

CVE-2013-2827

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...

7.5CVSS7AI score0.49235EPSS
Exploits5References1
Prion
Prion
added 2014/01/15 4:8 p.m.18 views

Authentication flaw

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP...

6.4CVSS7.4AI score0.01776EPSS
Exploits0References1Affected Software3
Prion
Prion
added 2014/01/15 4:8 p.m.20 views

Code injection

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...

7.5CVSS7.6AI score0.49235EPSS
Exploits5References1Affected Software3
CVE
CVE
added 2014/01/15 4:0 p.m.54 views

CVE-2013-2826

CVE-2013-2826 affects WellinTech KingSCADA prior to 3.1.2, KingAlarm&Event prior to 3.1, and KingGraphic prior to 3.1.2. Authentication is performed at the KAEClientManager console, not the server, enabling a remote attacker to discover credentials by sending a crafted packet to TCP port 8130. Co...

6.4CVSS7.1AI score0.01776EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2014/01/15 4:0 p.m.28 views

CVE-2013-2826

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP...

6.9AI score0.01776EPSS
Exploits0References1
Cvelist
Cvelist
added 2014/01/15 4:0 p.m.21 views

CVE-2013-2827

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...

7AI score0.49235EPSS
Exploits5References1
CVE
CVE
added 2014/01/15 4:0 p.m.58 views

CVE-2013-2827

CVE-2013-2827 concerns an unresolved ActiveX control in WellinTech KingSCADA (before 3.1.2), KingAlarm&Event (before 3.1), and KingGraphic (before 3.1.2) that allows remote code execution by abusing the ProjectURL property to download and execute a DLL on a client. Root cause: insufficient saniti...

7.5CVSS7.2AI score0.49235EPSS
Exploits5References1Affected Software3
ICS
ICS
added 2013/09/12 6:0 a.m.56 views

WellinTech Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 10, 2013, and is now being released to the NCCIC/ICS-CERT Web site. NCCIC/ICS-CERT received reports from the Zero Day Initiative ZDI regarding a remote code execution vulnerability and an information...

7.5CVSS7.5AI score0.49235EPSS
Exploits5References10
Positive Technologies
Positive Technologies
added 2013/03/14 12:0 a.m.4 views

PT-2013-89: XML External Entities Resolution vulnerability in KingSCADA

The specialists of the Positive Research center have detected an XML External Entities Resolution vulnerability in KingSCADA. The vulnerability is possible due to unsafe parsing of XML external entities. If an attacker manages to make a victim open a project that contains specially crafted XML,...

5.8CVSS7.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/06/14 12:0 a.m.16 views

WellinTech KingSCADA Detection

Binary data scadaappwellintechkingscadadetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/06/14 12:0 a.m.17 views

WellinTech KingSCADA 3.1 < 2012-04-16 user.db Base-64 Encoding Local Credentials Disclosure

Binary data scadakingscada312012-04-16.nbin...

7.1CVSS7.3AI score0.00798EPSS
Exploits0References3
NVD
NVD
added 2012/05/09 10:33 a.m.16 views

CVE-2012-1977

WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file...

7.1CVSS6AI score0.00798EPSS
Exploits0References3
Prion
Prion
added 2012/05/09 10:33 a.m.14 views

Design/Logic Flaw

WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file...

7.1CVSS6.4AI score0.00798EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2012/05/09 10:0 a.m.181 views

CVE-2012-1977

WellinTech KingSCADA 3.0 stores passwords in user.db using a cleartext base64 format, enabling attackers with access to read the file to obtain passwords. Root cause: missing encryption of sensitive data. Impact: attacker could log in using decoded credentials; vulnerability described as remotely...

7.1CVSS6.1AI score0.00798EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/05/09 10:0 a.m.26 views

CVE-2012-1977 WellinTech KingSCADA Missing Encryption of Sensitive Data

WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file...

7.1CVSS6AI score0.00798EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2012/05/09 12:0 a.m.5 views

PT-2012-3707 · Wellintech · Kingscada

Name of the Vulnerable Software and Affected Versions: WellinTech KingSCADA version 3.0 Description: The issue concerns the storage of passwords in a cleartext base64 format within the user.db file, allowing attackers to obtain sensitive information by reading this file. Recommendations: For...

7.1CVSS5.8AI score0.00798EPSS
Exploits0References5
ICS
ICS
added 2012/02/09 7:0 a.m.38 views

WellinTech KingSCADA Insecure Password Encryption

Overview This advisory is a follow-up to the alert titled “ICS-ALERT-12-020-06 - WellinTech KingSCADA Insecure Password Encryption Vulnerability” that was published January 20, 2012, on the ICS-CERT web page. Independent researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an...

7.1CVSS6.6AI score0.00798EPSS
Exploits0References10
Rows per page
Query Builder