2021-05-31 16:31:04 +00:00
id : CVE-2018-12634
2021-04-24 15:44:07 +00:00
info :
2022-05-13 20:26:43 +00:00
name : CirCarLife Scada <4.3 - System Log Exposure
2021-04-24 15:44:07 +00:00
author : geeknik
2021-09-10 11:26:40 +00:00
severity : critical
2022-05-13 20:26:43 +00:00
description : CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
2023-09-27 15:51:13 +00:00
impact : |
An attacker can gain access to sensitive system logs, potentially leading to unauthorized access or information disclosure.
2023-09-06 12:57:14 +00:00
remediation : |
Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability.
2022-04-22 10:38:41 +00:00
reference :
- https://circontrol.com/
2022-05-13 20:26:43 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-12634
2022-05-17 09:18:12 +00:00
- https://www.seebug.org/vuldb/ssvid-97353
- https://www.exploit-db.com/exploits/45384/
2023-07-11 19:49:27 +00:00
- https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-12634
cwe-id : CWE-200
2024-04-08 11:34:33 +00:00
epss-score : 0.95531
epss-percentile : 0.99245
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : circontrol
product : circarlife_scada
tags : cve,cve2018,scada,circontrol,circarlife,logs,edb
2021-04-24 15:44:07 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-04-24 15:44:07 +00:00
- method : GET
path :
- "{{BaseURL}}/html/log"
2023-07-11 19:49:27 +00:00
2021-04-24 15:44:07 +00:00
matchers-condition : and
matchers :
- type : word
part : header
words :
- "CirCarLife Scada"
2023-07-11 19:49:27 +00:00
2021-04-24 15:44:07 +00:00
- type : word
words :
- "user.debug"
- "user.info"
- "EVSE"
condition : and
2023-07-11 19:49:27 +00:00
2021-04-24 15:44:07 +00:00
- type : status
status :
- 200
2024-01-14 14:05:19 +00:00
# digest: 4a0a00473045022100ed0b29ad551cb1c8046e44ccfeb468882574d4d84131408c68bd1df5afd26cfa022075bd7e7320c9c33dad093dd40822990e12fc84791e76510619255948ce4ba1cd:922c64590222798bb761d5b6d8e72950