Lucene search
K
ComputrolsComputrols Building Automation Software

9 matches found

CVE
CVE
added 2019/05/23 7:5 p.m.119 views

CVE-2019-10849

CBAS Web (Computrols CBAS) 19.0.0 is affected by an information-disclosure vulnerability due to an unprotected Subversion/SVN directory that can disclose the firmware source code. The Red Hat advisory and exploit reports confirm the issue affects CBAS Web and maps to CVE-2019-10849, with an impac...

7.5CVSS7.4AI score0.09012EPSS
CVE
CVE
added 2019/05/24 4:33 p.m.87 views

CVE-2019-10847

CVE-2019-10847 affects Computrols CBAS Web (CSRF). Documents show a CSRF vulnerability in CBAS Web, notably in version 18.0.0 (and affected earlier versions) that can allow unauthorized actions such as adding a Super Admin via forged requests. Public advisories indicate remote exploitation is pos...

8.8CVSS8.6AI score0.0242EPSS
Web
CVE
CVE
added 2019/05/23 6:53 p.m.81 views

CVE-2019-10853

CVE-2019-10853 affects Computrols CBAS Web (CBAS Web) and causes an Authentication Bypass via an alternate path/channel in the auth module. Affected software includes CBAS Web versions around 18.0.x and 19.0.x (per Red Hat, NCCIC ICS-CERT, CVE listings). The CVE is rated high (NVD CVSSv3 base sco...

8.3CVSS8.4AI score0.0166EPSS
CVE
CVE
added 2019/05/24 4:29 p.m.78 views

CVE-2019-10848

CVE-2019-10848 affects Computrols CBAS Web (CBAS Web) versions around 18.x/19.x, where the Information Exposure Through Discrepancy (username enumeration) vulnerability exists in CBAS Web prior to certain fixes. Public sources (NVD, Red Hat advisories, Exploit-DB/PacketStorm) document that CBAS W...

5.3CVSS5.2AI score0.08489EPSS
Web
CVE
CVE
added 2019/05/23 6:45 p.m.69 views

CVE-2019-10854

CVE-2019-10854 affects Computrols CBAS Web (18.0.0/19.0.0). The vulnerability is described as a command-injection flaw in the json.php endpoint that can allow OS command execution, reported as part of a CBAS Web remote command injection chain. Public material (Exploits/Advisories) documents unaut...

9CVSS8.7AI score0.02991EPSS
CVE
CVE
added 2019/05/23 7:3 p.m.54 views

CVE-2019-10850

CVE-2019-10850 involves Computrols CBAS 18.0.0 with default credentials. The trusted-identity issue allows unauthenticated access (PR:N, UI:N) over network, yielding high confidentiality, integrity, and availability impact per NVD metrics (CVSS v3: 9.8). Reports in CNVD describe a building-automa...

10CVSS9.4AI score0.01949EPSS
CVE
CVE
added 2019/05/23 6:58 p.m.51 views

CVE-2019-10851

CVE-2019-10851 affects Computrols CBAS Web; vulnerability stems from hard-coded encryption keys used to decrypt database backups in CBAS Web scripts. An authenticated attacker could access the device’s full database and discover sensitive information. Mitigations referenced in multiple advisories...

6.5CVSS6.5AI score0.00666EPSS
CVE
CVE
added 2019/05/23 6:43 p.m.50 views

CVE-2019-10855

CVE-2019-10855 affects Computrols CBAS Web (CBAS Web) and is tied to improper password handling. The documented vulnerability is that CBAS 18.0.0 and related versions store passwords by hashing with MD5 prefixed by a password indicator (e.g., pwadmin), meaning plain or weakly hashed passwords are...

7.5CVSS7.5AI score0.00998EPSS
CVE
CVE
added 2019/05/23 6:56 p.m.47 views

CVE-2019-10852

CVE-2019-10852 affects Computrols CBAS Web (CBAS Web) with an authenticated SQL injection in the id GET parameter of index.php?m=servers&a=start_pulling&id=. The vulnerability arises from improper input validation in the SQL construction, enabling arbitrary SQL commands with partial confidentiali...

8.8CVSS9.1AI score0.01751EPSS
Web