CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16670 info: name: CirCarLife 4.3 -...

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...

CirCarLife Scada <4.3 - System Log Exposure

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. id: CVE-2018-12634 info: name: CirCarLife Scada 4.3 - System Log...

CVE-2018-12635

CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs...

EUVD-2018-9659

Malware in sbrugna...

EUVD-2018-4591

Malware in sbrugna...

EUVD-2018-8474

Malware in sbrugna...

VulnCheck KEV: CVE-2018-16670

An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html...

Unspecified Vulnerability in CIRCONTROL CirCarLife

CIRCONTROL CirCarLife is a parking lot automation system from CIRCONTROL, Spain. A security vulnerability exists in CIRCONTROL CirCarLife versions prior to 4.3.1. An attacker can exploit the vulnerability by entering a URL to bypass device authentication...

CVE-2018-17922

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication...

CVE-2018-17922

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication...

Authentication flaw

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication...

CVE-2018-17918

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page...

CVE-2018-17918

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page...

CVE-2018-17918

Circontrol CirCarLife vulnerability (CVE-2018-17918) affects all versions prior to 4.3.1. An authentication bypass is possible by entering the URL of a specific page, enabling remote access to the device. ICSA-18-305-03 documents a CVSS v3 base score of 10.0 (high severity) and confirms remote, u...

CVE-2018-17922

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication...

CVE-2018-17922

CVE-2018-17922 affects Circontrol CirCarLife: all versions before 4.3.1. The PAP credentials are stored in clear text in a log file that is accessible without authentication, enabling credential exposure. NVD lists a CVSSv3 base score of 9.8 (CRITICAL) with remote, unauthenticated access and impa...

Circontrol CirCarLife

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Circontrol Equipment: CirCarLife Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...

Circontrol CirCarLife Information Disclosure Vulnerability (CNVD-2018-20063)

Circontrol CirCarLife is a parking lot automation system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife versions prior to 4.3, which originates from the program storing sensitive information elements in JSON format in the /services/system/setup.json file. An...