WellinTech KingView ActiveX Multiple Arbitrary File Overwrite Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote host has software installed that is affected by multiple
arbitrary file overwrite vulnerabilities.

Description :

The WellinTech KingView KChartXY.ocx and SuperGrid.ocx ActiveX
controls installed on the remote host do not properly sanitize user
input, which allows an attacker to overwrite arbitrary files.

Note that Nessus has not tested for these issues, but instead checked
that the ActiveX controls were present on the machine.

Solution :

Install the patches or implement one of the workarounds referenced in
the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 70292

Bugtraq ID: 62419

CVE ID: CVE-2013-6127
