cbcvebase.
CVE-2018-16670
published 2018-09-18

CVE-2018-16670: An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.

PriorityP277medium5.3CVSS 3.0
AVNACLPRNUINSUCLINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
24.75%
97.6th percentile
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.

Affected

1 ranges
VendorProductVersion rangeFixed in
circontrolcircarlife_scada< 4.34.3

Detection & IOCsextracted from sources · hover to see the quote

path/html/devstat.html
  • Detect unauthenticated HTTP GET requests to the exposed PLC status endpoint /html/devstat.html on CirCarLife devices, which requires no authentication and discloses PLC status information.
  • Sigma/YARA rule targeting CirCarLife devices checking for 'Reader.STATUS' string as part of PLC status disclosure detection, with digest 490a00463044022038596db43932bff346dcc3f1e4b7a100d6c66af8019418a7d642e8ce75fcfcbc022042d241959c2e004e5d0224eb52633917dcd89cbe8f5f3e25b1140b08f8c3a424:922c64590222798bb761d5b6d8e72950.
  • ·Vulnerability affects CIRCONTROL CirCarLife versions before 4.3 only; patched in 4.3 and later.

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.