CVE-2013-2826 — MEDIUM (6.4)

Q: How severe is CVE-2013-2826?

CVE-2013-2826 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2826?

Check the references section above for vendor advisories and patch information. Affected products include: Wellintech Kingalarm\&Event, Wellintech Kinggraphic, Wellintech Kingscada.

Vulnerability Description

WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:P/A:N

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Wellintech	Kingalarm\&Event	<= 2.0.2
Wellintech	Kinggraphic	<= 3.1
Wellintech	Kingscada	<= 3.1

Related Weaknesses (CWE)

CWE-264

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01PatchUS Government Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01PatchUS Government Resource

FAQ

What is CVE-2013-2826?

CVE-2013-2826 is a vulnerability with a CVSS score of 6.4 (MEDIUM). WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attack...

How severe is CVE-2013-2826?

CVE-2013-2826 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2826?

Check the references section above for vendor advisories and patch information. Affected products include: Wellintech Kingalarm\&Event, Wellintech Kinggraphic, Wellintech Kingscada.