Lucene search
K
WellintechKingview

13 matches found

CVE
CVE
added 2012/05/09 10:0 a.m.181 views

CVE-2012-1977

WellinTech KingSCADA 3.0 stores passwords in user.db using a cleartext base64 format, enabling attackers with access to read the file to obtain passwords. Root cause: missing encryption of sensitive data. Impact: attacker could log in using decoded credentials; vulnerability described as remotely...

7.1CVSS6.1AI score0.00798EPSS
CVE
CVE
added 2011/12/27 2:0 a.m.125 views

CVE-2011-4536

WellinTech KingView is affected by a heap-based buffer overflow in HistoryServer.exe (HistorySvr.dll, nettransdll.dll) that can be triggered by parsing op-code 3 packets on TCP port 777, allowing remote code execution. Affected are KingView 6.53 and 65.30.2010.18018. Root cause: heap allocation b...

10CVSS8AI score0.08635EPSS
CVE
CVE
added 2011/01/11 1:0 a.m.64 views

CVE-2011-0406

CVE-2011-0406 concerns a remote heap overflow in WellinTech KingView 6.53’s HistorySvr.exe. A specially crafted request to port 777 can cause heap corruption, allowing a remote attacker to execute arbitrary code or crash the service. Public references note exploitation code exists and a patch was...

10CVSS8.3AI score0.20939EPSS
CVE
CVE
added 2012/07/05 1:0 a.m.60 views

CVE-2012-1831

WellinTech KingView 6.53 (and KingHistorian 3.0 per ICS-CERT) are affected by CVE-2012-1831, a heap-based buffer overflow in KingView that can be triggered by a crafted TCP packet to port 555, enabling remote code execution. The vulnerability is part of multiple KingView vulnerabilities described...

10CVSS8.2AI score0.15942EPSS
CVE
CVE
added 2013/10/25 8:0 p.m.59 views

CVE-2013-6128

CVE-2013-6128 affects WellinTech KingView ActiveX controls: KChartXY.ocx and related SuperGrid.ocx in KingView versions older than 6.53, specifically before 65.30.30000.10002. The flaw is an insufficient restriction of SaveToFile calls, enabling a remote attacker to perform directory traversal to...

5.8CVSS7.5AI score0.02562EPSS
CVE
CVE
added 2012/07/05 1:0 a.m.58 views

CVE-2012-1830

WellinTech KingView 6.53 is affected by CVE-2012-1830 due to a stack-based buffer overflow in KingView that can be triggered by a crafted packet sent to TCP port 555, potentially enabling remote code execution. Related advisories (RH-CVE, PRION, CPS/ICS) corroborate a remote-exploitation vector a...

10CVSS8.2AI score0.07654EPSS
CVE
CVE
added 2012/07/05 1:0 a.m.58 views

CVE-2012-1832

WellinTech KingView 6.53 is affected by CVE-2012-1832: an out-of-bounds read vulnerability exploitable by a crafted packet to port 2001 (TCP/UDP). The issue may enable arbitrary code execution or DoS in the KingView application. Multiple connected sources corroborate the vulnerability details, in...

10CVSS8AI score0.05914EPSS
CVE
CVE
added 2012/10/10 6:0 p.m.56 views

CVE-2012-4899

CVE-2012-4899 affects WellinTech KingView 6.5.3 and earlier, where user credentials are not securely hashed, enabling local attackers to discover usernames and passwords by reading a stored file. The vulnerability stems from a weak password-hashing algorithm, and exploitation requires local acces...

2.1CVSS6.5AI score0.00322EPSS
CVE
CVE
added 2011/08/16 9:0 p.m.55 views

CVE-2011-3142

CVE-2011-3142 affects WellinTech KingView KVWebSvr.dll ActiveX control in versions 6.52/6.53. The vulnerability is a stack-based buffer overflow triggered by a long second argument to the ValidateUser method, enabling remote code execution. Public exploit code exists (ICS-CERT/ISA advisories refe...

10CVSS8.3AI score0.381EPSS
CVE
CVE
added 2013/02/15 11:0 a.m.55 views

CVE-2012-4711

CVE-2012-4711 affects KingView/KingMess.exe in multiple 6.x versions (6.52, 6.53, 6.55). The vulnerability is a memory corruption/buffer overflow (CWE-119) triggered when KingMess handles input (e.g., crafted packets or log files), allowing remote code execution or memory corruption. Public refer...

10CVSS8AI score0.61492EPSS
CVE
CVE
added 2012/05/02 10:0 p.m.54 views

CVE-2012-1819

CVE-2012-1819 describes an Untrusted Search Path (DLL hijack) vulnerability in WellinTech KingView 6.53. An attacker with file-system access could place a malicious DLL in the application's working directory to achieve arbitrary code execution. ICS-CERT notes the vulnerability is remotely exploit...

9.3CVSS6.6AI score0.01708EPSS
CVE
CVE
added 2013/10/25 8:0 p.m.54 views

CVE-2013-6127

The CVE-2013-6127 vulnerability affects WellinTech KingView prior to version 6.53, where the SUPERGRIDLib.SuperGrid ActiveX control (SuperGrid.ocx) before 65.30.30000.10002 allows an attacker to bypass restrictions on ReplaceDBFile, enabling remote creation/overwrite of arbitrary files via two pa...

5.8CVSS7.5AI score0.13915EPSS
CVE
CVE
added 2012/07/05 1:0 a.m.52 views

CVE-2012-2560

CVE-2012-2560 affects WellinTech KingView 6.53. A directory traversal vulnerability allows remote attackers to read arbitrary files by sending a crafted HTTP request to port 8001. The issue originates from a path traversal weakness in KingView, with the potential for file disclosure. Red Hat/NVD ...

5CVSS6.8AI score0.02581EPSS