CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17922
https://notcve.org/view.php?id=CVE-2018-17922
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. En Circontrol CirCarLife en todas las versiones anteriores a la 4.3.1, las credenciales PAP del dispositivo se almacenan en texto claro en un archivo de registro accesible sin autenticación. • http://www.securityfocus.com/bid/105816 https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17918
https://notcve.org/view.php?id=CVE-2018-17918
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. En Circontrol CirCarLife en todas las versiones anteriores a la 4.3.1, la autenticación al dispositivo se puede omitir introduciendo la URL de una página en concreto. • http://www.securityfocus.com/bid/105816 https://ics-cert.us-cert.gov/advisories/ICSA-18-305-03 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16672
https://notcve.org/view.php?id=CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Debido al almacenamiento de múltiples elementos de información sensible en formato JSON en /services/system/setup.json, un usuario autenticado pero sin privilegios puede exfiltrar información crítica de la instalación. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16671
https://notcve.org/view.php?id=CVE-2018-16671
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación de información del software del sistema debido a la falta de autenticación en /html/device-id. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2018-16668
https://notcve.org/view.php?id=CVE-2018-16668
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. Se ha descubierto un problema en versiones anteriores a la 4.3 de CIRCONTROL CirCarLife. Hay una divulgación de la ruta interna de instalación debido a la falta de autenticación en /html/repository. • https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life https://www.exploit-db.com/exploits/45384 • CWE-287: Improper Authentication •