CVE-2018-12634
published 2018-06-22CVE-2018-12634: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
57.74%
99.0th percentile
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| circontrol | circarlife_scada | < 4.3 | 4.3 |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP GET request to /html/log returning HTTP 200 with response header containing 'CirCarLife Scada' and body containing 'user.debug', 'user.info', and 'EVSE' indicates successful exploitation of the unauthenticated log exposure.
- →Response header value 'CirCarLife Scada' can be used to fingerprint vulnerable CirCarLife SCADA devices exposed on the internet.
- →Log response body keywords 'user.debug', 'user.info', and 'EVSE' (all present together) confirm sensitive system log disclosure from the charging station.
- ·The vulnerability affects CirCarLife Scada versions before 4.3 only; version 4.3 and above are not affected.
- ·No authentication is required to exploit this vulnerability — the sensitive URIs are directly accessible to unauthenticated remote attackers.
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
CirCarLife SCADA 4.3.0 - Credential Disclosure
exploitdb·2018-09-12·CVSS 9.8
CVE-2018-12634 [CRITICAL] CirCarLife SCADA 4.3.0 - Credential Disclosure
CirCarLife SCADA 4.3.0 - Credential Disclosure
---
# Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure
# Date: 2018-09-10
# Exploit Author: David Castro
# Vendor Homepage: https://circontrol.com/
# Shodan Dork: Server: CirCarLife Server: PsiOcppApp
# Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0
# CVE : CVE-2018-12634
'''
Description: Mutiple information disclosure issues, including admin credentials disclosure
'''
import requests
from requests.auth import HTTPDigestAuth
from termcolor import colored
from bs4 import BeautifulSoup
import xml.etree.ElementTree as ET
import re
import json
import base64
cabecera = '''
_.-="_- _
_.-=" _- | ||"""""""---._______ __..
___.===""""-.______-,,,,,,,,,,,,`-''----" """"" """"" __'
__.--"
Nuclei
CirCarLife Scada <4.3 - System Log Exposure
nuclei·CVSS 9.8
CVE-2018-12634 [CRITICAL] CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada <4.3 - System Log Exposure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
Template:
id: CVE-2018-12634
info:
name: CirCarLife Scada <4.3 - System Log Exposure
author: geeknik
severity: critical
description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
impact: |
An attacker can gain access to sensitive system logs, potentially leading to unauthorized access or information disclosure.
remediation: |
Upgrade CirCarLi
No writeups or analysis indexed.
https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-lifehttps://www.exploit-db.com/exploits/45384/https://www.seebug.org/vuldb/ssvid-97353https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-lifehttps://www.exploit-db.com/exploits/45384/https://www.seebug.org/vuldb/ssvid-97353
2018-06-22
Published