Circontrol: >> Circarlife Scada Security Vulnerabilities
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
CVSS Score
6.5
EPSS Score
0.017
Published
2018-09-26
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
CVSS Score
5.3
EPSS Score
0.495
Published
2018-09-18
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
CVSS Score
5.3
EPSS Score
0.464
Published
2018-09-18
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.
CVSS Score
5.3
EPSS Score
0.488
Published
2018-09-18
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVSS Score
9.8
EPSS Score
0.905
Published
2018-06-22