13 matches found
CVE-2012-1977
WellinTech KingSCADA 3.0 stores passwords in user.db using a cleartext base64 format, enabling attackers with access to read the file to obtain passwords. Root cause: missing encryption of sensitive data. Impact: attacker could log in using decoded credentials; vulnerability described as remotely...
CVE-2011-4536
WellinTech KingView is affected by a heap-based buffer overflow in HistoryServer.exe (HistorySvr.dll, nettransdll.dll) that can be triggered by parsing op-code 3 packets on TCP port 777, allowing remote code execution. Affected are KingView 6.53 and 65.30.2010.18018. Root cause: heap allocation b...
CVE-2011-0406
CVE-2011-0406 concerns a remote heap overflow in WellinTech KingView 6.53’s HistorySvr.exe. A specially crafted request to port 777 can cause heap corruption, allowing a remote attacker to execute arbitrary code or crash the service. Public references note exploitation code exists and a patch was...
CVE-2012-1831
WellinTech KingView 6.53 (and KingHistorian 3.0 per ICS-CERT) are affected by CVE-2012-1831, a heap-based buffer overflow in KingView that can be triggered by a crafted TCP packet to port 555, enabling remote code execution. The vulnerability is part of multiple KingView vulnerabilities described...
CVE-2013-6128
CVE-2013-6128 affects WellinTech KingView ActiveX controls: KChartXY.ocx and related SuperGrid.ocx in KingView versions older than 6.53, specifically before 65.30.30000.10002. The flaw is an insufficient restriction of SaveToFile calls, enabling a remote attacker to perform directory traversal to...
CVE-2012-1830
WellinTech KingView 6.53 is affected by CVE-2012-1830 due to a stack-based buffer overflow in KingView that can be triggered by a crafted packet sent to TCP port 555, potentially enabling remote code execution. Related advisories (RH-CVE, PRION, CPS/ICS) corroborate a remote-exploitation vector a...
CVE-2012-1832
WellinTech KingView 6.53 is affected by CVE-2012-1832: an out-of-bounds read vulnerability exploitable by a crafted packet to port 2001 (TCP/UDP). The issue may enable arbitrary code execution or DoS in the KingView application. Multiple connected sources corroborate the vulnerability details, in...
CVE-2012-4899
CVE-2012-4899 affects WellinTech KingView 6.5.3 and earlier, where user credentials are not securely hashed, enabling local attackers to discover usernames and passwords by reading a stored file. The vulnerability stems from a weak password-hashing algorithm, and exploitation requires local acces...
CVE-2011-3142
CVE-2011-3142 affects WellinTech KingView KVWebSvr.dll ActiveX control in versions 6.52/6.53. The vulnerability is a stack-based buffer overflow triggered by a long second argument to the ValidateUser method, enabling remote code execution. Public exploit code exists (ICS-CERT/ISA advisories refe...
CVE-2012-4711
CVE-2012-4711 affects KingView/KingMess.exe in multiple 6.x versions (6.52, 6.53, 6.55). The vulnerability is a memory corruption/buffer overflow (CWE-119) triggered when KingMess handles input (e.g., crafted packets or log files), allowing remote code execution or memory corruption. Public refer...
CVE-2012-1819
CVE-2012-1819 describes an Untrusted Search Path (DLL hijack) vulnerability in WellinTech KingView 6.53. An attacker with file-system access could place a malicious DLL in the application's working directory to achieve arbitrary code execution. ICS-CERT notes the vulnerability is remotely exploit...
CVE-2013-6127
The CVE-2013-6127 vulnerability affects WellinTech KingView prior to version 6.53, where the SUPERGRIDLib.SuperGrid ActiveX control (SuperGrid.ocx) before 65.30.30000.10002 allows an attacker to bypass restrictions on ReplaceDBFile, enabling remote creation/overwrite of arbitrary files via two pa...
CVE-2012-2560
CVE-2012-2560 affects WellinTech KingView 6.53. A directory traversal vulnerability allows remote attackers to read arbitrary files by sending a crafted HTTP request to port 8001. The issue originates from a path traversal weakness in KingView, with the potential for file disclosure. Red Hat/NVD ...