Lucene search

K
cveIcscertCVE-2013-2826
HistoryJan 15, 2014 - 4:08 p.m.

CVE-2013-2826

2014-01-1516:08:18
CWE-264
icscert
web.nvd.nist.gov
30
cve-2013-2826
wellintech kingscada
kingalarm&event
kinggraphic
authentication bypass
remote attackers

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.083

Percentile

94.4%

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

Affected configurations

Nvd
Node
wellintechkingalarm\&eventRange2.0.2
OR
wellintechkinggraphicRange3.1
OR
wellintechkingscadaRange3.1
VendorProductVersionCPE
wellintechkingalarm\&event*cpe:2.3:a:wellintech:kingalarm\&event:*:*:*:*:*:*:*:*
wellintechkinggraphic*cpe:2.3:a:wellintech:kinggraphic:*:*:*:*:*:*:*:*
wellintechkingscada*cpe:2.3:a:wellintech:kingscada:*:*:*:*:*:*:*:*

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.1

Confidence

Low

EPSS

0.083

Percentile

94.4%

Related for CVE-2013-2826