CVE-2013-6127

The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01	US Government Resource
http://www.exploit-db.com/exploits/28084/	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wellintech:kingview::::::::
	cpe:2.3:a:wellintech:kingview:3.0:::::::*
	cpe:2.3:a:wellintech:kingview:6.52:::::::*

History

No history.

Information

Published : 2013-10-25 20:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-6127

Mitre link : CVE-2013-6127

CVE.ORG link : CVE-2013-6127

JSON object : View

Products Affected

wellintech

kingview

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-6127", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-25T20:55:03.500", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.exploit-db.com/exploits/28084/", "tags": ["Exploit"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack."}, {"lang": "es", "value": "El control SUPERGRIDLib.SuperGrid ActiveX en SuperGrid.ocx anterior a la versi\u00f3n 65.30.30000.10002 de WellinTech KingView anterior a la versi\u00f3n 6.53 no restringe adecuadamente los m\u00e9todos de llamada ReplaceDBFile, lo que permite a atacantes remotos crear y sobreescribir archivos arbitrarios, y posteriormente ejecutar programas arbitrarios, a trav\u00e9s de dos argumentos pathname, como lo demuestra un ataque de recorrido de directorio."}], "lastModified": "2013-10-28T13:32:46.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wellintech:kingview:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39B19F35-84B4-45AE-96D9-352213070CBC", "versionEndIncluding": "6.53"}, {"criteria": "cpe:2.3:a:wellintech:kingview:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAB5609B-2D1E-42F5-9C78-1460A21C8795"}, {"criteria": "cpe:2.3:a:wellintech:kingview:6.52:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37C00AAD-8824-4F27-8203-EBBDB879772D"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}