CVE-2013-2826

Published: Jan 15, 2014Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

Affected (3)

Products: Wellintech: Kingalarm&event, Kinggraphic, Kingscada

3 products

Kingalarm&event

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Wellintech Kingalarm&event	Up to 2.0.2
Wellintech Kinggraphic	Up to 3.1
Wellintech Kingscada	Up to 3.1

Related CWEs

References (2)

http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01

Source: ics-cert@hq.dhs.gov

PatchUS Government Resource

http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchUS Government Resource

Timeline

No history available yet.