ActiveX Control Vulnerability in WellinTech KingSCADA Products
CVE-2013-2827

Currently unrated

Key Information:

Vendor: Wellintech
Status: Kinggraphic; Kingscada; Kingalarm\&event
Vendor: CVE Published:; 15 January 2014

Summary

An unspecified vulnerability in an ActiveX control present in various WellinTech KingSCADA products allows remote attackers to exploit the ProjectURL property. This exploitation facilitates the downloading of arbitrary DLL files onto a client machine, enabling attackers to execute their malicious code without user consent. Proper security measures and updates should be implemented to mitigate the risk associated with this vulnerability.

References

http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01

x_refsource_MISC

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Apr 11, 2013