Details of VAR-201401-0054

ID

VAR-201401-0054

CVE

CVE-2013-2826

TITLE

plural WellinTech Vulnerabilities that can bypass access restrictions in products

Trust: 0.8

sources: JVNDB: JVNDB-2014-001175

DESCRIPTION

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event. Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130. Authentication to this service is performed locally through the KAEClientManager console but no authentication is performed against remote connections. A remote attacker with knowledge of the protocol can use this to disclose certain credentials and login to the Oracle database as a legitimate user. KingSCADA is a versatile industrial monitoring software that integrates process control design, field operations and plant resource management. KingGraphic can access data from multiple industrial real-time databases and relational databases. Wait. Multiple WellinTech products are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks

Trust: 3.24

sources: NVD: CVE-2013-2826 // JVNDB: JVNDB-2014-001175 // ZDI: ZDI-14-012 // CNVD: CNVD-2014-00423 // BID: 64938 // IVD: 4c53be94-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4c53be94-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00423

AFFECTED PRODUCTS

vendor:	wellintech	model:	kingscada	scope:	eq	version:	3.1	Trust: 1.2
vendor:	wellintech	model:	kinggraphic	scope:	eq	version:	3.1	Trust: 1.2
vendor:	wellintech	model:	kinggraphic	scope:	lte	version:	3.1	Trust: 1.0
vendor:	wellintech	model:	kingalarm\&event	scope:	lte	version:	2.0.2	Trust: 1.0
vendor:	wellintech	model:	kingscada	scope:	lte	version:	3.1	Trust: 1.0
vendor:	wellintech	model:	kingalarm&event	scope:	lt	version:	3.1	Trust: 0.8
vendor:	wellintech	model:	kinggraphic	scope:	lt	version:	3.1.2	Trust: 0.8
vendor:	wellintech	model:	kingscada	scope:	lt	version:	3.1.2	Trust: 0.8
vendor:	wellintech	model:	kingalarm & event	scope:	-	version:	-	Trust: 0.7
vendor:	wellintech	model:	kingalarm&event	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	wellintech	model:	kingalarm\&event	scope:	eq	version:	2.0.2	Trust: 0.6
vendor:	wellintech	model:	kingscada	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kingalarm event	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	kinggraphic	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	kingscada	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 4c53be94-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-012 // CNVD: CNVD-2014-00423 // BID: 64938 // JVNDB: JVNDB-2014-001175 // CNNVD: CNNVD-201401-297 // NVD: CVE-2013-2826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-2826
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-2826
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2013-2826
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2014-00423
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201401-297
value:	MEDIUM
Trust: 0.6
IVD:	4c53be94-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2013-2826
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2013-2826
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2014-00423
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	4c53be94-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 4c53be94-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-012 // CNVD: CNVD-2014-00423 // JVNDB: JVNDB-2014-001175 // CNNVD: CNNVD-201401-297 // NVD: CVE-2013-2826

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2014-001175 // NVD: CVE-2013-2826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-297

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-297

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001175

PATCH

title:	Top Page	url:	http://www.wellintech.com/	Trust: 0.8
title:	Top Page	url:	http://www.wellintech.co.jp/	Trust: 0.8
title:	WellinTech has issued an update to correct this vulnerability.	url:	http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01	Trust: 0.7
title:	Patch of multiple WellinTech products ActiveX Remote Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/42548	Trust: 0.6

sources: ZDI: ZDI-14-012 // CNVD: CNVD-2014-00423 // JVNDB: JVNDB-2014-001175

EXTERNAL IDS

db:	NVD	id:	CVE-2013-2826	Trust: 4.2
db:	ICS CERT	id:	ICSA-13-344-01	Trust: 3.0
db:	BID	id:	64938	Trust: 0.9
db:	CNVD	id:	CNVD-2014-00423	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-297	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001175	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1553	Trust: 0.7
db:	ZDI	id:	ZDI-14-012	Trust: 0.7
db:	SECUNIA	id:	56443	Trust: 0.6
db:	IVD	id:	4C53BE94-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-13-344-01	Trust: 3.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2826	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2826	Trust: 0.8
url:	http://secunia.com/advisories/56443/	Trust: 0.6

sources: ZDI: ZDI-14-012 // CNVD: CNVD-2014-00423 // JVNDB: JVNDB-2014-001175 // CNNVD: CNNVD-201401-297 // NVD: CVE-2013-2826

CREDITS

Andrea Micalizzi aka rgod

Trust: 0.7

sources: ZDI: ZDI-14-012

SOURCES

db:	IVD	id:	4c53be94-2352-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-14-012
db:	CNVD	id:	CNVD-2014-00423
db:	BID	id:	64938
db:	JVNDB	id:	JVNDB-2014-001175
db:	CNNVD	id:	CNNVD-201401-297
db:	NVD	id:	CVE-2013-2826

LAST UPDATE DATE

2025-04-11T23:05:34.350000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-012	date:	2014-02-05T00:00:00
db:	CNVD	id:	CNVD-2014-00423	date:	2014-01-17T00:00:00
db:	BID	id:	64938	date:	2014-02-05T17:45:00
db:	JVNDB	id:	JVNDB-2014-001175	date:	2014-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201401-297	date:	2014-01-20T00:00:00
db:	NVD	id:	CVE-2013-2826	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	4c53be94-2352-11e6-abef-000c29c66e3d	date:	2014-01-17T00:00:00
db:	ZDI	id:	ZDI-14-012	date:	2014-02-05T00:00:00
db:	CNVD	id:	CNVD-2014-00423	date:	2014-01-17T00:00:00
db:	BID	id:	64938	date:	2014-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2014-001175	date:	2014-01-20T00:00:00
db:	CNNVD	id:	CNNVD-201401-297	date:	2014-01-20T00:00:00
db:	NVD	id:	CVE-2013-2826	date:	2014-01-15T16:08:18.140