PT-2014-2637 · Wellintech · Kingalarm&Event+2

Andrea Micalizzi

Publicado

2014-01-15

Atualizado

2014-02-05

CVE-2013-2826

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions WellinTech KingSCADA versions prior to 3.1.2 WellinTech KingAlarm&Event versions prior to 3.1 WellinTech KingGraphic versions prior to 3.1.2

Description The issue allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130, due to authentication being performed on the KAEClientManager console rather than on the server.

Recommendations For WellinTech KingSCADA versions prior to 3.1.2, update to version 3.1.2 or later. For WellinTech KingAlarm&Event versions prior to 3.1, update to version 3.1 or later. For WellinTech KingGraphic versions prior to 3.1.2, update to version 3.1.2 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2013-2826

ZDI-14-012

Produtos afetados

Kingalarm&Event

Kinggraphic

Kingscada

PT-2014-2637 · Wellintech · Kingalarm&Event+2

CVE-2013-2826

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3