WellinTech KingSCADA < 18.104.22.168-EN 'kxClientDownload.ocx' ActiveX RCE
High Nessus Plugin ID 83774
Synopsis
The WellinTech KingSCADA server installed on the remote host is affected by a remote code execution vulnerability.

Description
The WellinTech KingSCADA server installed on the remote host is a version prior to 22.214.171.124-EN. It is, therefore, affected by a vulnerability in the 'kxClientDownload.ocx' ActiveX control. A remote attacker, by setting the ProjectURL property, can exploit this to download an arbitrary DLL file from a remote location, thus allowing the injection of executable code.

Solution
Upgrade KingSCADA to version 126.96.36.199-EN.