CVE-2012-1977 - Vulnerability Details - OpenCVE

WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.0026.

Key SSVC decision points have not yet been added.

Vendors	Products
Wellintech	Kingview

Configuration 1 [-]

cpe:2.3:a:wellintech:kingview:3.0:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-1986	WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.

Fixes

Solution

WellinTech has provided the following link to the latest version of KingSCADA: http://download.kingview.com/software/KingSCADA/EN/KingSCADA3.1_2012-04-16EN.rar . According to WellinTech, this new version securely hashes passwords.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://dsecrg.com/pages/vul/show.php?id=405
http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-12-129-01

History

Thu, 26 Jun 2025 21:45:00 +0000

Type	Values Removed	Values Added
Title		WellinTech KingSCADA Missing Encryption of Sensitive Data
Weaknesses		CWE-311
References		https://www.cisa.gov/news-events/ics-advisories/icsa-12-129-01

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2012-05-09T10:00:00Z

Updated: 2025-06-26T21:30:25.305Z

Reserved: 2012-03-30T00:00:00Z

Link: CVE-2012-1977

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-05-09T10:33:15.020

Modified: 2025-06-26T22:15:24.103

Link: CVE-2012-1977

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "KingSCADA", "vendor": "WellinTech", "versions": [{"status": "affected", "version": "3.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Independent researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.</p>"}], "value": "WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file."}], "metrics": [{"cvssV2_0": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "CWE-311", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-26T21:30:25.305Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-129-01"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>WellinTech has provided the following link to the latest version of KingSCADA: <a target=\"_blank\" rel=\"nofollow\" href=\"http://download.kingview.com/software/KingSCADA/EN/KingSCADA3.1_2012-04-16EN.rar\">http://download.kingview.com/software/KingSCADA/EN/KingSCADA3.1_2012-04-16EN.rar</a>.</p><p>According to WellinTech, this new version securely hashes passwords.</p>"}], "value": "WellinTech has provided the following link to the latest version of KingSCADA: http://download.kingview.com/software/KingSCADA/EN/KingSCADA3.1_2012-04-16EN.rar .\n\nAccording to WellinTech, this new version securely hashes passwords."}], "source": {"advisory": "ICSA-12-129-01", "discovery": "EXTERNAL"}, "title": "WellinTech KingSCADA Missing Encryption of Sensitive Data", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2012-1977", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://dsecrg.com/pages/vul/show.php?id=405", "refsource": "MISC", "url": "http://dsecrg.com/pages/vul/show.php?id=405"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:17:27.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://dsecrg.com/pages/vul/show.php?id=405"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2012-1977", "datePublished": "2012-05-09T10:00:00Z", "dateReserved": "2012-03-30T00:00:00Z", "dateUpdated": "2025-06-26T21:30:25.305Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wellintech:kingview:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DAB5609B-2D1E-42F5-9C78-1460A21C8795", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file."}, {"lang": "es", "value": "WellinTech KingSCADA 3.0 utiliza un formato base64 en texto claro para el almacenamiento de contrase\u00f1as en user.db, lo que permite a atacantes locales o remotos obtener informaci\u00f3n sensible mediante la lectura de este archivo."}], "id": "CVE-2012-1977", "lastModified": "2025-06-26T22:15:24.103", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-09T10:33:15.020", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-129-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dsecrg.com/pages/vul/show.php?id=405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Secondary"}]}