CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6564

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.9%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems
https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2
http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems
https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2

Products affected by CVE-2017-6564

Franklinfueling » Ts-550 Evo » Version: N/A

cpe:2.3:h:franklinfueling:ts-550_evo:-
Franklinfueling » Ts-550 Evo Firmware » Version: 2.3.0.7332

cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.0.7332

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6564

Products

Pricing

Contact Us