CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16672
https://notcve.org/view.php?id=CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Debido al almacenamiento de múltiples elementos de información sensible en formato JSON en /services/system/setup.json, un usuario autenticado pero sin privilegios puede exfiltrar información crítica de la instalación. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16671
https://notcve.org/view.php?id=CVE-2018-16671
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación de información del software del sistema debido a la falta de autenticación en /html/device-id. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16668
https://notcve.org/view.php?id=CVE-2018-16668
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación de la ruta interna de instalación debido a la falta de autenticación en /html/repository. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16670
https://notcve.org/view.php?id=CVE-2018-16670
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación del estado PLC debido a la falta de autenticación en /html/devstat.html. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 1CVE-2018-12634 – CirCarLife SCADA 4.3.0 - Credential Disclosure
https://notcve.org/view.php?id=CVE-2018-12634
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife Scada en versiones anteriores a la 4.3 permite que atacantes remotos obtengan información sensible mediante una petición directa en los URI html/log o services/system/info.html. CirCarLife SCADA version 4.3.0 suffers from a credential disclosure vulnerability. • https://www.exploit-db.com/exploits/45384 https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.seebug.org/vuldb/ssvid-97353 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •