Circontrol Circarlife Scada vulnerabilities
5 known vulnerabilities affecting circontrol/circarlife_scada.
Total CVEs
5
CISA KEV
0
Public exploits
5
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2018-16670P2MEDIUMCVSS 5.3ExploitedPoCfixed in 4.32018-09-18
CVE-2018-16670 [MEDIUM] CWE-287 CVE-2018-16670: An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to l
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
nvd
CVE-2018-12634P2CRITICALCVSS 9.8PoCfixed in 4.32018-06-22
CVE-2018-12634 [CRITICAL] CWE-200 CVE-2018-12634: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct req
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
nvd
CVE-2018-16671P3MEDIUMCVSS 5.3PoCfixed in 4.32018-09-18
CVE-2018-16671 [MEDIUM] CWE-200 CVE-2018-16671: An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information di
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
nvd
CVE-2018-16668P3MEDIUMCVSS 5.3PoCfixed in 4.32018-09-18
CVE-2018-16668 [MEDIUM] CWE-287 CVE-2018-16668: An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path dis
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
nvd
CVE-2018-16672P3MEDIUMCVSS 6.5PoCfixed in 4.32018-09-26
CVE-2018-16672 [MEDIUM] CWE-200 CVE-2018-16672: An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitiv
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
nvd