CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16670
https://notcve.org/view.php?id=CVE-2018-16670
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación del estado PLC debido a la falta de autenticación en /html/devstat.html. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 1CVE-2018-12634 – CirCarLife SCADA 4.3.0 - Credential Disclosure
https://notcve.org/view.php?id=CVE-2018-12634
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife Scada en versiones anteriores a la 4.3 permite que atacantes remotos obtengan información sensible mediante una petición directa en los URI html/log o services/system/info.html. CirCarLife SCADA version 4.3.0 suffers from a credential disclosure vulnerability. • https://www.exploit-db.com/exploits/45384 https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.seebug.org/vuldb/ssvid-97353 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •