Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16672 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | |||||
CVE-2018-16671 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. | |||||
CVE-2018-16670 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. | |||||
CVE-2018-16668 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. | |||||
CVE-2018-12634 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. |