What is CVE-2013-2827?

CVE-2013-2827 is a vulnerability in Wellintech Kingalarm\&event, classified under Code Injection. Published 2014-01-15.

Is CVE-2013-2827 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Wellintech Kingalarm\&event

CVE-2013-2827

An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the Projec…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.605 (98.3th percentile) — read the EPSS interpretation.

Affected products

Wellintech Kingalarm\&event
Wellintech Kinggraphic
Wellintech Kingscada
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ics-cert@hq.dhs.gov (US Government Resource, Patch, x_refsource_MISC)

Frequently asked questions

What is CVE-2013-2827?: CVE-2013-2827 is a vulnerability in Wellintech Kingalarm\&event, classified under Code Injection. Published 2014-01-15.
Is CVE-2013-2827 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.