3.1.2.13

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

wellintech

CWE-787

NVD

Published: 2018-12-24

Updated: 2020-08-24

Summary

WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401.

Vulnerable Configurations

Part	Description	Count
Application	Wellintech Wellintech Kingscada 3.1 Wellintech Kingscada 3.1.2 Wellintech Kingscada 3.1.2.13	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/Debugging.md
https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/poc.py