WellinTech KingView ActiveX Multiple Arbitrary File Overwrite Vulnerabilities

Medium Nessus Plugin ID 70292


The remote host has software installed that is affected by multiple arbitrary file overwrite vulnerabilities.


The WellinTech KingView KChartXY.ocx and SuperGrid.ocx ActiveX controls installed on the remote host do not properly sanitize user input, which allows an attacker to overwrite arbitrary files.

Note that Nessus has not tested for these issues, but instead checked that the ActiveX controls were present on the machine.


Install the patches or implement one of the workarounds referenced in the vendor's advisory.

Plugin Details

Severity: Medium

ID: 70292

File Name: scada_kingview_activex.nbin

Version: 1.116

Type: local

Family: SCADA

Published: 2013/10/03

Modified: 2018/03/13

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:wellintech:kingview

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2013/10/22

Vulnerability Publication Date: 2013/09/13

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2013-6127, CVE-2013-6128

BID: 62419

OSVDB: 97014, 97015

EDB-ID: 28084, 28085

ICS-ALERT: 13-256-01, 13-295-01