Sign-up

ID

VAR-201205-0303


CVE

CVE-2012-1819


TITLE

WellinTech KingView Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2011-005042

DESCRIPTION

Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory. WellinTech KingView However, there is a vulnerability that can be obtained because the processing related to the search path is inadequate. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. DLL It may be possible to get permission through the file. KingView is a product for building data information service platforms for industrial automation. WellinTech KingView loads DLL files in an unsafe manner, and an attacker builds malicious files on a remote WebDAV or SMB share, enticing the user to parse, and can load malicious libraries in the application context. WellinTech KingView is prone to a vulnerability which allows attackers to execute arbitrary code. KingView 6.53 is vulnerable; other versions may also be affected

Trust: 2.61

sources: NVD: CVE-2012-1819 // JVNDB: JVNDB-2011-005042 // CNVD: CNVD-2012-2253 // BID: 53316 // IVD: e7a66bac-2353-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e7a66bac-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-2253

AFFECTED PRODUCTS

vendor:wellintechmodel:kingviewscope:eqversion:6.53

Trust: 2.5

vendor:wellintechmodel:kingviewscope:eqversion:65.30.17249 before

Trust: 0.8

vendor:kingviewmodel: - scope:eqversion:6.53

Trust: 0.2

sources: IVD: e7a66bac-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-2253 // BID: 53316 // JVNDB: JVNDB-2011-005042 // CNNVD: CNNVD-201205-012 // NVD: CVE-2012-1819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1819
value: HIGH

Trust: 1.0

NVD: CVE-2012-1819
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201205-012
value: CRITICAL

Trust: 0.6

IVD: e7a66bac-2353-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2012-1819
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: e7a66bac-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: e7a66bac-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-005042 // CNNVD: CNNVD-201205-012 // NVD: CVE-2012-1819

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2011-005042 // NVD: CVE-2012-1819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-012

TYPE

other

Trust: 0.8

sources: IVD: e7a66bac-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201205-012

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-005042

PATCH
title:Product News - Patch for KingView 6.53url:http://en.wellintech.com/news/detail.aspx?contentid=168
Trust: 0.8
title:Top Pageurl:http://en.wellintech.com/index.aspx
Trust: 0.8
title:Top Pageurl:http://www.wellintech.co.jp/
Trust: 0.8
title:WellinTech KingView DLL loads patches for arbitrary code execution vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/16593
Trust: 0.6
title:KV20120322-ENurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43042
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2012-2253 // 
            
            
            
            JVNDB: JVNDB-2011-005042 // 
            
            
            
            CNNVD: CNNVD-201205-012

EXTERNAL IDS
db:NVDid:CVE-2012-1819
Trust: 3.5
db:ICS CERTid:ICSA-12-122-01
Trust: 3.3
db:BIDid:53316
Trust: 1.3
db:CNVDid:CNVD-2012-2253
Trust: 0.8
db:CNNVDid:CNNVD-201205-012
Trust: 0.8
db:JVNDBid:JVNDB-2011-005042
Trust: 0.8
db:IVDid:E7A66BAC-2353-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: e7a66bac-2353-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2012-2253 // 
            
            
            
            BID: 53316 // 
            
            
            
            JVNDB: JVNDB-2011-005042 // 
            
            
            
            CNNVD: CNNVD-201205-012 // 
            
            
            
            NVD: CVE-2012-1819

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-122-01.pdf
Trust: 3.3
url:http://en.wellintech.com/news/detail.aspx?contentid=168
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/75309
Trust: 1.0
url:http://www.securityfocus.com/bid/53316
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1819
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1819
Trust: 0.8
url:http://blog.rapid7.com/?p=5325
Trust: 0.3
url:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
Trust: 0.3
url:http://en.wellintech.com/products/detail.aspx?contentid=15
Trust: 0.3
url:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2012-2253 // 
            
            
            
            BID: 53316 // 
            
            
            
            JVNDB: JVNDB-2011-005042 // 
            
            
            
            CNNVD: CNNVD-201205-012 // 
            
            
            
            NVD: CVE-2012-1819

CREDITS
Carlos Mario Penagos Hollmann
Trust: 0.9
sources:
            
            
            BID: 53316 // 
            
            
            
            CNNVD: CNNVD-201205-012

SOURCES
db:IVDid:e7a66bac-2353-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-2253
db:BIDid:53316
db:JVNDBid:JVNDB-2011-005042
db:CNNVDid:CNNVD-201205-012
db:NVDid:CVE-2012-1819

LAST UPDATE DATE
2025-04-11T22:53:43.505000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2012-2253date:2015-11-24T00:00:00
db:BIDid:53316date:2012-05-01T00:00:00
db:JVNDBid:JVNDB-2011-005042date:2012-05-07T00:00:00
db:CNNVDid:CNNVD-201205-012date:2012-05-23T00:00:00
db:NVDid:CVE-2012-1819date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:e7a66bac-2353-11e6-abef-000c29c66e3ddate:2012-05-03T00:00:00
db:CNVDid:CNVD-2012-2253date:2012-05-03T00:00:00
db:BIDid:53316date:2012-05-01T00:00:00
db:JVNDBid:JVNDB-2011-005042date:2012-05-07T00:00:00
db:CNNVDid:CNNVD-201205-012date:2012-05-03T00:00:00
db:NVDid:CVE-2012-1819date:2012-05-02T22:55:02.140