Vulnerability CVE-2018-16668


Published: 2018-09-18

Description:
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
CirCarLife SCADA 4.3.0 Credential Disclosure
SadFud
12.09.2018

Type:

CWE-200

(Information Exposure)

Vendor: Circontrol
Product: Circarlife firmware 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
https://www.exploit-db.com/exploits/45384/

Related CVE
CVE-2018-17922
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.
CVE-2018-17918
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
CVE-2018-16672
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup informati...
CVE-2018-12635
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
CVE-2018-12634
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.

Copyright 2019, cxsecurity.com

 

Back to Top