CVE-2013-7248

2014-01-2601:55:09

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.

Affected configurations

Nvd

Node

franklinfuelingts-550_evo_firmwareMatch2.0.0.6833

franklinfuelingts-550_evo_firmwareMatch2.3.1.7492

AND

franklinfuelingts-550_evoMatch-

VendorProductVersionCPE
franklinfuelingts-550_evo_firmware2.0.0.6833cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:*:*:*:*:*:*:*
franklinfuelingts-550_evo_firmware2.3.1.7492cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:*:*:*:*:*:*:*
franklinfuelingts-550_evo-cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
franklinfueling	ts-550_evo_firmware	2.0.0.6833	cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:::::::*
franklinfueling	ts-550_evo_firmware	2.3.1.7492	cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:::::::*
franklinfueling	ts-550_evo	-	cpe:2.3:h:franklinfueling:ts-550_evo:-:::::::*