Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Circontrol Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-12634 1 Circontrol 1 Circarlife Scada 2021-07-08 5.0 MEDIUM 9.8 CRITICAL
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-16668 1 Circontrol 1 Circarlife Scada 2021-07-08 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVE-2018-16672 1 Circontrol 1 Circarlife Scada 2021-07-08 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
CVE-2018-17922 1 Circontrol 2 Circarlife, Circarlife Firmware 2019-10-09 5.0 MEDIUM 9.8 CRITICAL
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.
CVE-2018-17918 1 Circontrol 2 Circarlife, Circarlife Firmware 2019-10-09 7.5 HIGH 9.8 CRITICAL
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
CVE-2018-16669 1 Circontrol 1 Open Charge Point Protocol 2019-10-02 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
CVE-2018-16670 1 Circontrol 1 Circarlife Scada 2018-11-07 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
CVE-2018-16671 1 Circontrol 1 Circarlife Scada 2018-11-07 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
CVE-2018-12635 1 Circontrol 1 Scada 2018-08-10 5.0 MEDIUM 7.5 HIGH
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.