Lucene search
K

94 matches found

Cvelist
Cvelist
added 2019/05/23 7:3 p.m.22 views

CVE-2019-10850

Computrols CBAS 18.0.0 has Default Credentials...

9.5AI score0.01949EPSS
Exploits0References2
CVE
CVE
added 2019/05/23 6:58 p.m.51 views

CVE-2019-10851

CVE-2019-10851 affects Computrols CBAS Web; vulnerability stems from hard-coded encryption keys used to decrypt database backups in CBAS Web scripts. An authenticated attacker could access the device’s full database and discover sensitive information. Mitigations referenced in multiple advisories...

6.5CVSS6.5AI score0.00666EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/05/23 6:58 p.m.37 views

CVE-2019-10851

Computrols CBAS 18.0.0 has hard-coded encryption keys...

6.5AI score0.00666EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/05/23 6:56 p.m.33 views

CVE-2019-10852

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=startpulling&id= substring...

9.2AI score0.01751EPSS
Exploits1References3
CVE
CVE
added 2019/05/23 6:56 p.m.47 views

CVE-2019-10852

CVE-2019-10852 affects Computrols CBAS Web (CBAS Web) with an authenticated SQL injection in the id GET parameter of index.php?m=servers&a=start_pulling&id=. The vulnerability arises from improper input validation in the SQL construction, enabling arbitrary SQL commands with partial confidentiali...

8.8CVSS9.1AI score0.01751EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2019/05/23 6:53 p.m.80 views

CVE-2019-10853

CVE-2019-10853 affects Computrols CBAS Web (CBAS Web) and causes an Authentication Bypass via an alternate path/channel in the auth module. Affected software includes CBAS Web versions around 18.0.x and 19.0.x (per Red Hat, NCCIC ICS-CERT, CVE listings). The CVE is rated high (NVD CVSSv3 base sco...

8.3CVSS8.4AI score0.0166EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2019/05/23 6:53 p.m.40 views

CVE-2019-10853

Computrols CBAS 18.0.0 allows Authentication Bypass...

8.2AI score0.0166EPSS
Exploits4References2
Cvelist
Cvelist
added 2019/05/23 6:45 p.m.41 views

CVE-2019-10854

Computrols CBAS 18.0.0 allows Authenticated Command Injection...

8.8AI score0.02991EPSS
Exploits4References2
CVE
CVE
added 2019/05/23 6:45 p.m.69 views

CVE-2019-10854

CVE-2019-10854 affects Computrols CBAS Web (18.0.0/19.0.0). The vulnerability is described as a command-injection flaw in the json.php endpoint that can allow OS command execution, reported as part of a CBAS Web remote command injection chain. Public material (Exploits/Advisories) documents unaut...

9CVSS8.7AI score0.02991EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2019/05/23 6:43 p.m.49 views

CVE-2019-10855

CVE-2019-10855 affects Computrols CBAS Web (CBAS Web) and is tied to improper password handling. The documented vulnerability is that CBAS 18.0.0 and related versions store passwords by hashing with MD5 prefixed by a password indicator (e.g., pwadmin), meaning plain or weakly hashed passwords are...

7.5CVSS7.5AI score0.00998EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/05/23 6:43 p.m.21 views

CVE-2019-10855

Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database...

7.6AI score0.00998EPSS
Exploits0References2
CNVD
CNVD
added 2019/05/23 12:0 a.m.4 views

Computrols CBAS Web Authentication Bypass Vulnerability

CBAS Web is a Web-based building management system BMS from Computrols. An authentication bypass vulnerability exists in Computrols CBAS Web. An unauthenticated attacker could use this vulnerability to bypass authentication and gain full control of the device...

8.3CVSS7.3AI score0.0166EPSS
Exploits4References1
CNVD
CNVD
added 2019/05/23 12:0 a.m.3 views

Computrols CBAS Insufficient Encryption Strength Vulnerability

CBAS Web is a Web-based building management system BMS from Computrols. Computrols CBAS Web suffers from an insufficient encryption strength vulnerability. The vulnerability stems from the fact that this application stores passwords in a database using MD5 hashes, and the MD5 algorithm is...

7.5CVSS6.8AI score0.00998EPSS
Exploits0References1
ICS
ICS
added 2019/05/21 12:0 a.m.169 views

Computrols CBAS Web

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Computrols Equipment: CBAS Web Vulnerabilities: Cross-site Request Forgery, Information Exposure Through Discrepancy, Cross-site Scripting, Command Injection, Information Exposure Through Source...

9CVSS9.2AI score0.09012EPSS
Exploits21References6
Rows per page
Query Builder