Circontrol
Products
6- 7 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8007 | Cri | 0.64 | 9.8 | 0.02 | Nov 8, 2024 | The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip. | ||
| CVE-2018-17922 | Cri | 0.64 | 9.8 | 0.03 | Nov 2, 2018 | Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | ||
| CVE-2018-17918 | Cri | 0.64 | 9.8 | 0.04 | Nov 2, 2018 | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | ||
| CVE-2018-16669 | Cri | 0.64 | 9.8 | 0.02 | Sep 18, 2018 | An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the… | ||
| CVE-2020-8006 | Hig | 0.57 | 8.8 | 0.01 | Apr 12, 2024 | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation… | ||
| CVE-2018-16672 | Med | 0.42 | 6.5 | 0.02 | Sep 26, 2018 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | ||
| CVE-2018-16670 | Med | 0.36 | 5.3 | 0.25 | Sep 18, 2018 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. | ||
| CVE-2018-16671 | Med | 0.35 | 5.3 | 0.09 | Sep 18, 2018 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. | ||
| CVE-2018-16668 | Med | 0.35 | 5.3 | 0.09 | Sep 18, 2018 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. |
- risk 0.64cvss 9.8epss 0.02
The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip.
- risk 0.64cvss 9.8epss 0.03
Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication.
- risk 0.64cvss 9.8epss 0.04
Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the…
- risk 0.57cvss 8.8epss 0.01
The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation…
- risk 0.42cvss 6.5epss 0.02
An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information.
- risk 0.36cvss 5.3epss 0.25
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html.
- risk 0.35cvss 5.3epss 0.09
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id.
- risk 0.35cvss 5.3epss 0.09
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository.