CVE-2012-1977
published 2012-05-09CVE-2012-1977: WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive…
PriorityP422high7.1CVSS 2.0
AVNACMAuNCCINAN
EPSS
0.80%
51.9th percentile
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wellintech | kingscada | — | — |
| wellintech | kingview | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
WellinTech KingSCADA Insecure Password Encryption
cisa_ics·2012-01-20
WellinTech KingSCADA Insecure Password Encryption
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
WellinTech KingSCADA Insecure Password Encryption
Last RevisedSeptember 06, 2018
Alert CodeICSA-12-129-01
## Overview
This advisory is a follow-up to the alert titled “ICS-ALERT-12-020-06 - WellinTech KingSCADA Insecure Password Encryption Vulnerability” that was published January 20, 2012, on the ICS-CERT web page.
Independent researchers Alexandr Polyakov and Alexey Sintsov from DSecRG identified an unsecure password encryption vulnerability in WellinTech KingSCADA application. When KingSCADA OPCServer and OPCClient are not on the same node, a remote attacker may obtain passw
GHSA
GHSA-r54h-4qg8-h76p: WellinTech KingSCADA 3
ghsa_unreviewed·2022-05-17
CVE-2012-1977 [HIGH] CWE-311 GHSA-r54h-4qg8-h76p: WellinTech KingSCADA 3
WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2012-05-09
Published