CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16669

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 5.0

References

https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
https://www.exploit-db.com/exploits/45384/
https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
https://www.exploit-db.com/exploits/45384/

Products affected by CVE-2018-16669

Circontrol » Open Charge Point Protocol » Version: 1.0.0

cpe:2.3:a:circontrol:open_charge_point_protocol:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16669

Products

Pricing

Contact Us