CVE-2018-16670
published 2018-09-18CVE-2018-16670: An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
PriorityP277medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
24.75%
97.6th percentile
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| circontrol | circarlife_scada | < 4.3 | 4.3 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP GET requests to the exposed PLC status endpoint /html/devstat.html on CirCarLife devices, which requires no authentication and discloses PLC status information. ↗
- →Sigma/YARA rule targeting CirCarLife devices checking for 'Reader.STATUS' string as part of PLC status disclosure detection, with digest 490a00463044022038596db43932bff346dcc3f1e4b7a100d6c66af8019418a7d642e8ce75fcfcbc022042d241959c2e004e5d0224eb52633917dcd89cbe8f5f3e25b1140b08f8c3a424:922c64590222798bb761d5b6d8e72950.
- ·Vulnerability affects CIRCONTROL CirCarLife versions before 4.3 only; patched in 4.3 and later. ↗
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7559-8jwg-355g: An issue was discovered in CIRCONTROL CirCarLife before 4
ghsa_unreviewed·2022-05-14
CVE-2018-16670 [MEDIUM] CWE-287 GHSA-7559-8jwg-355g: An issue was discovered in CIRCONTROL CirCarLife before 4
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
VulnCheck
circontrol circarlife_scada Improper Authentication
vulncheck·2018·CVSS 5.3
CVE-2018-16670 [MEDIUM] circontrol circarlife_scada Improper Authentication
circontrol circarlife_scada Improper Authentication
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
Affected: circontrol circarlife_scada
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2018-16670
No detection rules found.
Exploit-DB
CirCarLife SCADA 4.3.0 - Credential Disclosure
exploitdb·2018-09-12·CVSS 9.8
CVE-2018-12634 [CRITICAL] CirCarLife SCADA 4.3.0 - Credential Disclosure
CirCarLife SCADA 4.3.0 - Credential Disclosure
---
# Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure
# Date: 2018-09-10
# Exploit Author: David Castro
# Vendor Homepage: https://circontrol.com/
# Shodan Dork: Server: CirCarLife Server: PsiOcppApp
# Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0
# CVE : CVE-2018-12634
'''
Description: Mutiple information disclosure issues, including admin credentials disclosure
'''
import requests
from requests.auth import HTTPDigestAuth
from termcolor import colored
from bs4 import BeautifulSoup
import xml.etree.ElementTree as ET
import re
import json
import base64
cabecera = '''
_.-="_- _
_.-=" _- | ||"""""""---._______ __..
___.===""""-.______-,,,,,,,,,,,,`-''----" """"" """"" __'
__.--"
Nuclei
CirCarLife <4.3 - Improper Authentication
nuclei·CVSS 5.3
CVE-2018-16670 [MEDIUM] CirCarLife <4.3 - Improper Authentication
CirCarLife "
- "Reader.STATUS"
condition: and
# digest: 490a00463044022038596db43932bff346dcc3f1e4b7a100d6c66af8019418a7d642e8ce75fcfcbc022042d241959c2e004e5d0224eb52633917dcd89cbe8f5f3e25b1140b08f8c3a424:922c64590222798bb761d5b6d8e72950
2018-09-18
Published
Exploited in the wild