ID

VAR-201205-0115


CVE

CVE-2012-1977


TITLE

WellinTech KingSCADA Trust Management Vulnerability

Trust: 1.6

sources: IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8819 // CNNVD: CNNVD-201205-178

DESCRIPTION

WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. KingSCADA is a SCADA product for the high and mid-end markets. KingSCADA stores the password in the user64 file in Base64 format, and the user can easily decode and access the SCADA server. KingSCADA is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the password of the affected device. KingSCADA 3.0 is vulnerable; other versions may also be affected

Trust: 3.51

sources: NVD: CVE-2012-1977 // JVNDB: JVNDB-2012-002373 // CNVD: CNVD-2012-0343 // CNVD: CNVD-2012-8819 // BID: 51582 // IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.8

sources: IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0343 // CNVD: CNVD-2012-8819

AFFECTED PRODUCTS

vendor:wellintechmodel:kingviewscope:eqversion:3.0

Trust: 2.4

vendor:kingviewmodel: - scope:eqversion:3.0

Trust: 0.6

vendor:icpmodel:das usa kingscadascope:eqversion:3.0

Trust: 0.6

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:wellintechmodel:kingscadascope:eqversion:3.0

Trust: 0.3

sources: IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0343 // CNVD: CNVD-2012-8819 // BID: 51582 // JVNDB: JVNDB-2012-002373 // CNNVD: CNNVD-201205-178 // NVD: CVE-2012-1977

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-1977
value: HIGH

Trust: 1.0

NVD: CVE-2012-1977
value: HIGH

Trust: 0.8

CNVD: CNVD-2012-8819
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201205-178
value: HIGH

Trust: 0.6

IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1
value: HIGH

Trust: 0.2

IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2012-1977
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-8819
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8819 // JVNDB: JVNDB-2012-002373 // CNNVD: CNNVD-201205-178 // NVD: CVE-2012-1977

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2012-002373 // NVD: CVE-2012-1977

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201201-376 // CNNVD: CNNVD-201205-178

TYPE

Trust management

Trust: 1.2

sources: IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201205-178

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002373

PATCH

title:Top Pageurl:http://en.wellintech.com/index.aspx

Trust: 0.8

title:Top Pageurl:http://www.wellintech.co.jp

Trust: 0.8

title:WellinTech KingSCADA Trust Management Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/36034

Trust: 0.6

sources: CNVD: CNVD-2012-8819 // JVNDB: JVNDB-2012-002373

EXTERNAL IDS

db:NVDid:CVE-2012-1977

Trust: 3.9

db:ICS CERTid:ICSA-12-129-01

Trust: 2.7

db:BIDid:51582

Trust: 1.5

db:CNNVDid:CNNVD-201205-178

Trust: 1.2

db:ICS CERT ALERTid:ICS-ALERT-12-020-06

Trust: 1.1

db:CNVDid:CNVD-2012-8819

Trust: 1.0

db:CNVDid:CNVD-2012-0343

Trust: 0.8

db:JVNDBid:JVNDB-2012-002373

Trust: 0.8

db:CNNVDid:CNNVD-201201-376

Trust: 0.6

db:IVDid:7D7A93E1-463F-11E9-A373-000C29342CB1

Trust: 0.2

db:IVDid:DBCBB6DE-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:08E4171E-1F77-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 7d7a93e1-463f-11e9-a373-000c29342cb1 // IVD: dbcbb6de-2353-11e6-abef-000c29c66e3d // IVD: 08e4171e-1f77-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0343 // CNVD: CNVD-2012-8819 // BID: 51582 // JVNDB: JVNDB-2012-002373 // CNNVD: CNNVD-201201-376 // CNNVD: CNNVD-201205-178 // NVD: CVE-2012-1977

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-129-01.pdf

Trust: 2.7

url:http://dsecrg.com/pages/vul/show.php?id=405

Trust: 2.2

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-06.pdf

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1977

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1977

Trust: 0.8

url:http://www.adobe.com/support/security/bulletins/apsb11-13.html

Trust: 0.6

url:http://www.securityfocus.com/bid/51582

Trust: 0.6

url:http://en.wellintech.com/products/detail.aspx?contentid=14

Trust: 0.3

sources: CNVD: CNVD-2012-0343 // CNVD: CNVD-2012-8819 // BID: 51582 // JVNDB: JVNDB-2012-002373 // CNNVD: CNNVD-201201-376 // CNNVD: CNNVD-201205-178 // NVD: CVE-2012-1977

CREDITS

Alexandr Polyakov and Alexey Sintsov

Trust: 0.9

sources: BID: 51582 // CNNVD: CNNVD-201201-376

SOURCES

db:IVDid:7d7a93e1-463f-11e9-a373-000c29342cb1
db:IVDid:dbcbb6de-2353-11e6-abef-000c29c66e3d
db:IVDid:08e4171e-1f77-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0343
db:CNVDid:CNVD-2012-8819
db:BIDid:51582
db:JVNDBid:JVNDB-2012-002373
db:CNNVDid:CNNVD-201201-376
db:CNNVDid:CNNVD-201205-178
db:NVDid:CVE-2012-1977

LAST UPDATE DATE

2024-08-14T15:08:57.416000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0343date:2012-02-01T00:00:00
db:CNVDid:CNVD-2012-8819date:2012-05-10T00:00:00
db:BIDid:51582date:2012-05-08T22:10:00
db:JVNDBid:JVNDB-2012-002373date:2012-09-03T00:00:00
db:CNNVDid:CNNVD-201201-376date:2012-02-01T00:00:00
db:CNNVDid:CNNVD-201205-178date:2012-05-10T00:00:00
db:NVDid:CVE-2012-1977date:2012-08-29T04:00:00

SOURCES RELEASE DATE

db:IVDid:7d7a93e1-463f-11e9-a373-000c29342cb1date:2012-05-10T00:00:00
db:IVDid:dbcbb6de-2353-11e6-abef-000c29c66e3ddate:2012-05-10T00:00:00
db:IVDid:08e4171e-1f77-11e6-abef-000c29c66e3ddate:2012-02-01T00:00:00
db:CNVDid:CNVD-2012-0343date:2012-02-01T00:00:00
db:CNVDid:CNVD-2012-8819date:2012-05-10T00:00:00
db:BIDid:51582date:2012-01-20T00:00:00
db:JVNDBid:JVNDB-2012-002373date:2012-05-10T00:00:00
db:CNNVDid:CNNVD-201201-376date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201205-178date:2012-05-10T00:00:00
db:NVDid:CVE-2012-1977date:2012-05-09T10:33:15.020