MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2013-2826

CVSS 6.4v2.0pub. 2014-01-15upd. 2026-04-29

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
  • Wellintech Kingalarm\&event

    APP
    Wellintech
    ≀ 2.0.2
  • Wellintech Kinggraphic

    APP
    Wellintech
    ≀ 3.1
  • Wellintech Kingscada

    APP
    Wellintech
    ≀ 3.1
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-20410HIGH7.5ten sam produkt

WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered w...

CVE-2014-0787HIGH10.0ten sam produkt

Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitra...

CVE-2013-2827HIGH7.5ten sam produkt

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraph...

CVE-2022-43663HIGH8.1ten sam vendor

An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHist...

CVE-2022-45124HIGH7.5ten sam vendor

An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHist...

CVE-2013-2826 β€” Wellintech β€” Kingalarm\&Event β€” MEDIUM β€” CVSS 6.4 | CVEbaza.pl