Franklinfueling Ts-550 Evo Firmware vulnerabilities
7 known vulnerabilities affecting franklinfueling/ts-550_evo_firmware.
Total CVEs
7
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2013-7248P2CRITICALCVSS 10.0PoCv2.0.0.6833v2.3.1.74922014-01-26
CVE-2013-7248 [CRITICAL] CWE-255 CVE-2013-7248: Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a h
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
nvd
CVE-2023-5846P2CRITICALCVSS 9.8fixed in 1.9.23.89602023-11-02
CVE-2023-5846 [CRITICAL] CWE-916 CVE-2023-5846: Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding a
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.
nvd
CVE-2013-7247P4MEDIUMCVSS 5.0PoCv2.0.0.6833v2.3.1.74922014-01-26
CVE-2013-7247 [MEDIUM] CWE-264 CVE-2013-7247: cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
nvd
CVE-2021-46421P3HIGHCVSS 7.5v1.8.7.72992022-04-27
CVE-2021-46421 [HIGH] CWE-22 CVE-2021-46421: Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traver
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
nvd
CVE-2021-46420P3HIGHCVSS 7.5v2.23.4.89362022-04-27
CVE-2021-46420 [HIGH] CWE-22 CVE-2021-46420: Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory trav
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
nvd
CVE-2017-6565P3HIGHCVSS 8.8v2.3.0.73322017-05-01
CVE-2017-6565 [HIGH] CVE-2017-6565: On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.
nvd
CVE-2017-6564P4MEDIUMCVSS 6.5v2.3.0.73322017-05-01
CVE-2017-6564 [MEDIUM] CWE-862 CVE-2017-6564: On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in furthe
nvd