9 matches found
CVE-2019-10849
CBAS Web (Computrols CBAS) 19.0.0 is affected by an information-disclosure vulnerability due to an unprotected Subversion/SVN directory that can disclose the firmware source code. The Red Hat advisory and exploit reports confirm the issue affects CBAS Web and maps to CVE-2019-10849, with an impac...
CVE-2019-10847
CVE-2019-10847 affects Computrols CBAS Web (CSRF). Documents show a CSRF vulnerability in CBAS Web, notably in version 18.0.0 (and affected earlier versions) that can allow unauthorized actions such as adding a Super Admin via forged requests. Public advisories indicate remote exploitation is pos...
CVE-2019-10853
CVE-2019-10853 affects Computrols CBAS Web (CBAS Web) and causes an Authentication Bypass via an alternate path/channel in the auth module. Affected software includes CBAS Web versions around 18.0.x and 19.0.x (per Red Hat, NCCIC ICS-CERT, CVE listings). The CVE is rated high (NVD CVSSv3 base sco...
CVE-2019-10848
CVE-2019-10848 affects Computrols CBAS Web (CBAS Web) versions around 18.x/19.x, where the Information Exposure Through Discrepancy (username enumeration) vulnerability exists in CBAS Web prior to certain fixes. Public sources (NVD, Red Hat advisories, Exploit-DB/PacketStorm) document that CBAS W...
CVE-2019-10854
CVE-2019-10854 affects Computrols CBAS Web (18.0.0/19.0.0). The vulnerability is described as a command-injection flaw in the json.php endpoint that can allow OS command execution, reported as part of a CBAS Web remote command injection chain. Public material (Exploits/Advisories) documents unaut...
CVE-2019-10850
CVE-2019-10850 involves Computrols CBAS 18.0.0 with default credentials. The trusted-identity issue allows unauthenticated access (PR:N, UI:N) over network, yielding high confidentiality, integrity, and availability impact per NVD metrics (CVSS v3: 9.8). Reports in CNVD describe a building-automa...
CVE-2019-10851
CVE-2019-10851 affects Computrols CBAS Web; vulnerability stems from hard-coded encryption keys used to decrypt database backups in CBAS Web scripts. An authenticated attacker could access the device’s full database and discover sensitive information. Mitigations referenced in multiple advisories...
CVE-2019-10855
CVE-2019-10855 affects Computrols CBAS Web (CBAS Web) and is tied to improper password handling. The documented vulnerability is that CBAS 18.0.0 and related versions store passwords by hashing with MD5 prefixed by a password indicator (e.g., pwadmin), meaning plain or weakly hashed passwords are...
CVE-2019-10852
CVE-2019-10852 affects Computrols CBAS Web (CBAS Web) with an authenticated SQL injection in the id GET parameter of index.php?m=servers&a=start_pulling&id=. The vulnerability arises from improper input validation in the SQL construction, enabling arbitrary SQL commands with partial confidentiali...