ID

VAR-201310-0404


CVE

CVE-2013-6127


TITLE

WellinTech KingView ActiveX Multiple arbitrary file coverage vulnerabilities

Trust: 1.2

sources: IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201309-273

DESCRIPTION

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack. KingView is the first SCADA product launched by Asia Control for small and medium-sized projects for monitoring and controlling automation equipment and processes. WellinTech KingView ActiveX has multiple arbitrary file overwrite vulnerabilities. Because the program fails to properly filter user input, an attacker can exploit the vulnerability to save arbitrary files on the affected computer in the context of the application. WellinTech KingView is prone to multiple insecure-method vulnerabilities because it fails to properly sanitize user-supplied input. KingView 6.53 is vulnerable; other versions may also be affected.

Trust: 2.97

sources: NVD: CVE-2013-6127 // JVNDB: JVNDB-2013-004901 // CNVD: CNVD-2013-13162 // BID: 62419 // IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.2

sources: IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13162

AFFECTED PRODUCTS

vendor: wellintech, model: kingview, scope: eq, version: 3.0

Trust: 1.6

vendor: wellintech, model: kingview, scope: eq, version: 6.52

Trust: 1.6

vendor: wellintech, model: kingview, scope: eq, version: 6.53

Trust: 1.5

vendor: wellintech, model: kingview, scope: lte, version: 6.53

Trust: 1.0

vendor: wellintech, model: kingview, scope: lt, version: 6.53 (supergrid.ocx 65.30.30000.10002)

Trust: 0.8

vendor: kingview, model: -, scope: eq, version: 3.0

Trust: 0.6

vendor: kingview, model: -, scope: eq, version: 6.52

Trust: 0.6

vendor: kingview, model: -, scope: eq, version: *

Trust: 0.6

sources: IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13162 // BID: 62419 // JVNDB: JVNDB-2013-004901 // CNNVD: CNNVD-201309-273 // NVD: CVE-2013-6127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6127
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6127
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-13162
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201309-273
value: MEDIUM

Trust: 0.6

IVD: 89f639b6-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 89fad822-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2013-6127
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13162
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 89f639b6-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 89fad822-2352-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13162 // JVNDB: JVNDB-2013-004901 // CNNVD: CNNVD-201309-273 // NVD: CVE-2013-6127

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2013-004901 // NVD: CVE-2013-6127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-273

TYPE

Path traversal

Trust: 1.2

sources: IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201309-273

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004901

PATCH

title: Top Page, url: http://en.wellintech.com/

Trust: 0.8

title: Top Page, url: http://www.wellintech.co.jp/

Trust: 0.8

title: WellinTech KingView ActiveX has multiple patches for arbitrary file coverage vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/67162

Trust: 0.6

sources: CNVD: CNVD-2013-13162 // JVNDB: JVNDB-2013-004901

EXTERNAL IDS

db: NVD, id: CVE-2013-6127

Trust: 3.9

db: ICS CERT, id: ICSA-13-295-01

Trust: 2.4

db: EXPLOIT-DB, id: 28084

Trust: 1.6

db: BID, id: 62419

Trust: 1.5

db: CNVD, id: CNVD-2013-13162

Trust: 1.2

db: CNNVD, id: CNNVD-201309-273

Trust: 1.2

db: JVNDB, id: JVNDB-2013-004901

Trust: 0.8

db: ICS CERT ALERT, id: ICS-ALERT-13-256-01

Trust: 0.6

db: IVD, id: 89F639B6-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 89FAD822-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: CE5C0E88-1F0A-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 89f639b6-2352-11e6-abef-000c29c66e3d // IVD: 89fad822-2352-11e6-abef-000c29c66e3d // IVD: ce5c0e88-1f0a-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13162 // BID: 62419 // JVNDB: JVNDB-2013-004901 // CNNVD: CNNVD-201309-273 // NVD: CVE-2013-6127

REFERENCES

url:http://ics-cert.us-cert.gov/advisories/icsa-13-295-01

Trust: 2.4

url:http://www.exploit-db.com/exploits/28084/

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6127

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6127

Trust: 0.8

url:http://ics-cert.us-cert.gov/alerts/ics-alert-13-256-01

Trust: 0.6

url:http://www.securityfocus.com/bid/62419

Trust: 0.6

sources: CNVD: CNVD-2013-13162 // JVNDB: JVNDB-2013-004901 // CNNVD: CNNVD-201309-273 // NVD: CVE-2013-6127

CREDITS

Blake

Trust: 0.9

sources: BID: 62419 // CNNVD: CNNVD-201309-273

SOURCES

db: IVD, id: 89f639b6-2352-11e6-abef-000c29c66e3d
db: IVD, id: 89fad822-2352-11e6-abef-000c29c66e3d
db: IVD, id: ce5c0e88-1f0a-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-13162
db: BID, id: 62419
db: JVNDB, id: JVNDB-2013-004901
db: CNNVD, id: CNNVD-201309-273
db: NVD, id: CVE-2013-6127

LAST UPDATE DATE

2025-04-11T23:09:49.627000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13162, date: 2015-11-24T00:00:00
db: BID, id: 62419, date: 2013-10-23T00:37:00
db: JVNDB, id: JVNDB-2013-004901, date: 2013-10-29T00:00:00
db: CNNVD, id: CNNVD-201309-273, date: 2013-10-28T00:00:00
db: NVD, id: CVE-2013-6127, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 89f639b6-2352-11e6-abef-000c29c66e3d, date: 2013-09-22T00:00:00
db: IVD, id: 89fad822-2352-11e6-abef-000c29c66e3d, date: 2013-09-22T00:00:00
db: IVD, id: ce5c0e88-1f0a-11e6-abef-000c29c66e3d, date: 2013-09-22T00:00:00
db: CNVD, id: CNVD-2013-13162, date: 2013-09-22T00:00:00
db: BID, id: 62419, date: 2013-09-04T00:00:00
db: JVNDB, id: JVNDB-2013-004901, date: 2013-10-29T00:00:00
db: CNNVD, id: CNNVD-201309-273, date: 2013-09-18T00:00:00
db: NVD, id: CVE-2013-6127, date: 2013-10-25T20:55:03.500