Computrols Building Automation Software vulnerabilities
8 known vulnerabilities affecting computrols/computrols_building_automation_software.
Total CVEs: 8
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: HIGH 6, MEDIUM 2
Vulnerabilities
CVE-2019-10854 | P2 | HIGH | CVSS 8.8 | PoC | ≤ 19.0.0 | 2019-05-23
CWE-77: Computrols CBAS 18.0.0 allows Authenticated Command Injection.
nvd
CVE-2019-10853 | P3 | HIGH | CVSS 8.1 | PoC | ≤ 19.0.0 | 2019-05-23
Computrols CBAS 18.0.0 allows Authentication Bypass.
nvd
CVE-2019-10849 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 19.0.0 | 2019-05-23
CWE-862: Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
nvd
CVE-2019-10847 | P3 | HIGH | CVSS 8.8 | PoC | ≤ 19.0.0 | 2019-05-24
CWE-352: Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
nvd
CVE-2019-10848 | P3 | MEDIUM | CVSS 5.3 | PoC | ≤ 19.0.0 | 2019-05-24
CWE-203: Computrols CBAS 18.0.0 allows Username Enumeration.
nvd
CVE-2019-10852 | P3 | HIGH | CVSS 8.8 | ≤ 19.0.0 | 2019-05-23
CWE-89: Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.
nvd
CVE-2019-10855 | P3 | HIGH | CVSS 7.5 | ≤ 19.0.0 | 2019-05-23
CWE-326: Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
nvd
CVE-2019-10851 | P4 | MEDIUM | CVSS 6.5 | ≤ 19.0.0 | 2019-05-23
CWE-798: Computrols CBAS 18.0.0 has hard-coded encryption keys.
nvd