Authentication Bypass in WellinTech KingSCADA and Related Products
CVE-2013-2826
Currently unrated
Summary
The WellinTech KingSCADA suite, including KingAlarm&Event and KingGraphic, is vulnerable to an authentication bypass. The flaw exists because authentication is performed in the KAEClientManager console rather than on the server side, so the server does not itself enforce the access check. Remote attackers can therefore bypass access restrictions by sending crafted packets to TCP port 8130. This could allow unauthorized access to sensitive information, including user credentials.