CVE-2013-2827 - OpenCVE

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wellintech	Kingalarm\&event Kinggraphic Kingscada

Configuration 1 [-]

OR	cpe:2.3:a:wellintech:kingalarm\&event::::::::
	cpe:2.3:a:wellintech:kinggraphic::::::::
	cpe:2.3:a:wellintech:kingscada::::::::

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-01-15T16:00:00

Updated: 2024-08-06T15:52:20.033Z

Reserved: 2013-04-11T00:00:00

Link: CVE-2013-2827

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-01-15T16:08:18.173

Modified: 2014-01-16T17:21:02.680

Link: CVE-2013-2827

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-15T16:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2827", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:52:20.033Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2827", "datePublished": "2014-01-15T16:00:00", "dateReserved": "2013-04-11T00:00:00", "dateUpdated": "2024-08-06T15:52:20.033Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wellintech:kingalarm\\&event:*:*:*:*:*:*:*:*", "matchCriteriaId": "300D5A7D-D07F-43CF-BE26-31A6BE788628", "versionEndIncluding": "2.0.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wellintech:kinggraphic:*:*:*:*:*:*:*:*", "matchCriteriaId": "507960DD-82AA-4314-B85F-D2C79EBB3350", "versionEndIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wellintech:kingscada:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE5B1C33-BAB3-4354-B199-B6D7404EF1B6", "versionEndIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value."}, {"lang": "es", "value": "Un control ActiveX no especificado en WellinTech KingSCADA anteriores a 3.1.2, KingAlarm Event anteriores a 3.1, y KingGraphic anteriores a 3.1.2 permite a atacantes remotos descargar c\u00f3digo DLL arbitrariamente en una m\u00e1quina cliente y ejecutar dicho c\u00f3digo a trav\u00e9s de la propiedad ProjectURL."}], "id": "CVE-2013-2827", "lastModified": "2014-01-16T17:21:02.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-15T16:08:18.173", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}