Vulnerabilities (CVE)

Filtered by vendor Circontrol Subscribe
Filtered by product Circarlife Scada
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16672 1 Circontrol 1 Circarlife Scada 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
CVE-2018-16671 1 Circontrol 1 Circarlife Scada 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
CVE-2018-16670 1 Circontrol 1 Circarlife Scada 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
CVE-2018-16668 1 Circontrol 1 Circarlife Scada 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVE-2018-12634 1 Circontrol 1 Circarlife Scada 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.