8 matches found
WellinTech KingSCADA KingAlarm & Event KAEManageServer Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event.; Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130...
CVE-2013-2827
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
Code injection
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
CVE-2013-2826
CVE-2013-2826 affects WellinTech KingSCADA prior to 3.1.2, KingAlarm&Event prior to 3.1, and KingGraphic prior to 3.1.2. Authentication is performed at the KAEClientManager console, not the server, enabling a remote attacker to discover credentials by sending a crafted packet to TCP port 8130. Co...
CVE-2013-2826
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP...
CVE-2013-2827
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
CVE-2013-2827
CVE-2013-2827 concerns an unresolved ActiveX control in WellinTech KingSCADA (before 3.1.2), KingAlarm&Event (before 3.1), and KingGraphic (before 3.1.2) that allows remote code execution by abusing the ProjectURL property to download and execute a DLL on a client. Root cause: insufficient saniti...
WellinTech Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on December 10, 2013, and is now being released to the NCCIC/ICS-CERT Web site. NCCIC/ICS-CERT received reports from the Zero Day Initiative ZDI regarding a remote code execution vulnerability and an information...