MEDIUM🇬🇧 English

CVE-2013-2826

CVSS 6.4v2.0pub. 2014-01-15upd. 2026-04-29

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
  • Wellintech Kingalarm\&event

    APP
    Wellintech
    ≤ 2.0.2
  • Wellintech Kinggraphic

    APP
    Wellintech
    ≤ 3.1
  • Wellintech Kingscada

    APP
    Wellintech
    ≤ 3.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2018-20410HIGH7.5ten sam produkt

WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered w...

CVE-2014-0787HIGH10.0ten sam produkt

Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitra...

CVE-2013-2827HIGH7.5ten sam produkt

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraph...

CVE-2022-43663HIGH8.1ten sam vendor

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHist...

CVE-2022-45124HIGH7.5ten sam vendor

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHist...