
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 2

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. • https://www.seebug.org/vuldb/ssvid-97353 • CWE-20: Improper Input Validation •

CVSS: 9.8 • EPSS: 94% • CPEs: 1 • EXPL: 1

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife SCADA version 4.3.0 suffers from a credential disclosure vulnerability. • https://www.exploit-db.com/exploits/45384 https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.seebug.org/vuldb/ssvid-97353 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •