94 matches found
CVE-2019-10850
Computrols CBAS 18.0.0 has Default Credentials...
CVE-2019-10851
CVE-2019-10851 affects Computrols CBAS Web; vulnerability stems from hard-coded encryption keys used to decrypt database backups in CBAS Web scripts. An authenticated attacker could access the device’s full database and discover sensitive information. Mitigations referenced in multiple advisories...
CVE-2019-10851
Computrols CBAS 18.0.0 has hard-coded encryption keys...
CVE-2019-10852
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...
CVE-2019-10852
CVE-2019-10852 affects Computrols CBAS Web (CBAS Web) with an authenticated SQL injection in the id GET parameter of index.php?m=servers&a=start_pulling&id=. The vulnerability arises from improper input validation in the SQL construction, enabling arbitrary SQL commands with partial confidentiali...
CVE-2019-10853
CVE-2019-10853 affects Computrols CBAS Web (CBAS Web) and causes an Authentication Bypass via an alternate path/channel in the auth module. Affected software includes CBAS Web versions around 18.0.x and 19.0.x (per Red Hat, NCCIC ICS-CERT, CVE listings). The CVE is rated high (NVD CVSSv3 base sco...
CVE-2019-10853
Computrols CBAS 18.0.0 allows Authentication Bypass...
CVE-2019-10854
Computrols CBAS 18.0.0 allows Authenticated Command Injection...
CVE-2019-10854
CVE-2019-10854 affects Computrols CBAS Web (18.0.0/19.0.0). The vulnerability is described as a command-injection flaw in the json.php endpoint that can allow OS command execution, reported as part of a CBAS Web remote command injection chain. Public material (Exploits/Advisories) documents unaut...
CVE-2019-10855
CVE-2019-10855 affects Computrols CBAS Web (CBAS Web) and is tied to improper password handling. The documented vulnerability is that CBAS 18.0.0 and related versions store passwords by hashing with MD5 prefixed by a password indicator (e.g., pwadmin), meaning plain or weakly hashed passwords are...
CVE-2019-10855
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...
Computrols CBAS Web Authentication Bypass Vulnerability
CBAS Web is a Web-based building management system BMS from Computrols. An authentication bypass vulnerability exists in Computrols CBAS Web. An unauthenticated attacker could use this vulnerability to bypass authentication and gain full control of the device...
Computrols CBAS Insufficient Encryption Strength Vulnerability
CBAS Web is a Web-based building management system BMS from Computrols. Computrols CBAS Web suffers from an insufficient encryption strength vulnerability. The vulnerability stems from the fact that this application stores passwords in a database using MD5 hashes, and the MD5 algorithm is...
Computrols CBAS Web
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Computrols Equipment: CBAS Web Vulnerabilities: Cross-site Request Forgery, Information Exposure Through Discrepancy, Cross-site Scripting, Command Injection, Information Exposure Through Source...