CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16672
https://notcve.org/view.php?id=CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Debido al almacenamiento de múltiples elementos de información sensible en formato JSON en /services/system/setup.json, un usuario autenticado pero sin privilegios puede exfiltrar información crítica de la instalación. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16671
https://notcve.org/view.php?id=CVE-2018-16671
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación de información del software del sistema debido a la falta de autenticación en /html/device-id. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16668
https://notcve.org/view.php?id=CVE-2018-16668
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación de la ruta interna de instalación debido a la falta de autenticación en /html/repository. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16670
https://notcve.org/view.php?id=CVE-2018-16670
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación del estado PLC debido a la falta de autenticación en /html/devstat.html. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12635
https://notcve.org/view.php?id=CVE-2018-12635
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. CirCarLife Scada v4.2.4 permite las actualizaciones no autorizadas mediante peticiones a los URI html/upgrade.html y services/system/firmware.upgrade. • https://www.seebug.org/vuldb/ssvid-97353 • CWE-20: Improper Input Validation •