exploitDog

CVE-2013-2826

Опубликовано: 15 янв. 2014

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

Ссылки

http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01
Patch
US Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01
Patch
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wellintech:kingalarm\&event:*:*:*:*:*:*:*:*

Версия до 2.0.2 (включая)

cpe:2.3:a:wellintech:kinggraphic:*:*:*:*:*:*:*:*

Версия до 3.1 (включая)

cpe:2.3:a:wellintech:kingscada:*:*:*:*:*:*:*:*

Версия до 3.1 (включая)

EPSS

Процентиль: 50%

0.00272

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-7cf4-6qj9-hw7m

github

больше 3 лет назад

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

EPSS

Процентиль: 50%

0.00272

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264