WellinTech KingView ActiveX Multiple Arbitrary File Overwrite Vulnerabilities

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has software installed that is affected by multiple
arbitrary file overwrite vulnerabilities.

Description :

The WellinTech KingView KChartXY.ocx and SuperGrid.ocx ActiveX
controls installed on the remote host do not properly sanitize user
input, which allows an attacker to overwrite arbitrary files.

Note that Nessus has not tested for these issues, but instead checked
that the ActiveX controls were present on the machine.

Solution :

Install the patches or implement one of the workarounds referenced in
the vendor's advisory.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 70292

Bugtraq ID: 62419

CVE ID: CVE-2013-6127, CVE-2013-6128