The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
References
Link | Resource |
---|---|
http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01 | US Government Resource |
http://www.exploit-db.com/exploits/28084/ | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-10-03T16:14:52
Updated: 2022-10-03T16:14:52
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-6127
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-10-25T20:55:03.500
Modified: 2013-10-28T13:32:46.627
Link: CVE-2013-6127
JSON object: View
Redhat Information
No data.
CWE