| CVE ID | CVE-2013-2827 |
| CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
| AFFECTED VENDORS |
WellinTech |
| AFFECTED PRODUCTS |
KingScada KingGraphic |
| VULNERABILITY DETAILS |
The specific flaw exists within the kxClientDownload.ocx ActiveX control. By properly setting the ProjectURL property, it is possible for an attacker to download and load an arbitrary DLL file from a remote location. An attacker can leverage this vulnerability to execute code under the context of the administrator. |
| ADDITIONAL DETAILS |
WellinTech has issued an update to correct this vulnerability. More details can be found at:
http://ics-cert.us-cert.gov/advisories/ICSA-13-344-01 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Andrea Micalizzi aka rgod |
