Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Computrols Subscribe
Filtered by product Computrols Building Automation Software
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10851 1 Computrols 1 Computrols Building Automation Software 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
Computrols CBAS 18.0.0 has hard-coded encryption keys.
CVE-2019-10848 1 Computrols 1 Computrols Building Automation Software 2020-08-24 5.0 MEDIUM 5.3 MEDIUM
Computrols CBAS 18.0.0 allows Username Enumeration.
CVE-2019-10849 1 Computrols 1 Computrols Building Automation Software 2020-08-24 5.0 MEDIUM 7.5 HIGH
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
CVE-2019-10855 1 Computrols 1 Computrols Building Automation Software 2020-08-24 5.0 MEDIUM 7.5 HIGH
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
CVE-2019-10853 1 Computrols 1 Computrols Building Automation Software 2020-08-24 8.3 HIGH 8.1 HIGH
Computrols CBAS 18.0.0 allows Authentication Bypass.
CVE-2019-10852 1 Computrols 1 Computrols Building Automation Software 2019-11-12 6.5 MEDIUM 8.8 HIGH
Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
CVE-2019-10847 1 Computrols 1 Computrols Building Automation Software 2019-11-12 6.8 MEDIUM 8.8 HIGH
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
CVE-2019-10854 1 Computrols 1 Computrols Building Automation Software 2019-05-24 9.0 HIGH 8.8 HIGH
Computrols CBAS 18.0.0 allows Authenticated Command Injection.
CVE-2019-10850 1 Computrols 1 Computrols Building Automation Software 2019-05-24 10.0 HIGH 9.8 CRITICAL
Computrols CBAS 18.0.0 has Default Credentials.