VYPR
Vendor: Franklinfueling

Products: 7
CVEs: 14
Across products: 18
Status: Private

Recent CVEs (14)

  • CVE-2017-6565 | High | May 1, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious…

  • CVE-2024-8497 | High | Sep 25, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker to obtain administrator credentials.

  • CVE-2024-2442 | High | Mar 19, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.

  • CVE-2017-6564 | Medium | May 1, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host…

  • CVE-2021-46417 | Apr 7, 2022
    risk 0.10 | cvss | epss 0.60

    Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.

  • CVE-2013-7248 | Jan 26, 2014
    risk 0.03 | cvss | epss 0.04

    Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.

  • CVE-2013-7247 | Jan 26, 2014
    risk 0.03 | cvss | epss 0.03

    cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.

  • CVE-2023-48928 | Dec 8, 2023
    risk 0.00 | cvss | epss 0.00

    Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

  • CVE-2023-48929 | Dec 8, 2023
    risk 0.00 | cvss | epss 0.01

    Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information.

  • CVE-2023-5885 | Nov 27, 2023
    risk 0.00 | cvss | epss 0.01

    The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

  • CVE-2023-5846 | Nov 2, 2023
    risk 0.00 | cvss | epss 0.00

    Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

  • CVE-2022-44039 | Dec 5, 2022
    risk 0.00 | cvss | epss 0.01

    Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files like [system.conf] and [passwd]; this occurs because of the insecure usage of the "fopen" system function with…

  • CVE-2021-46421 | Apr 27, 2022
    risk 0.00 | cvss | epss 0.06

    Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.

  • CVE-2021-46420 | Apr 27, 2022
    risk 0.00 | cvss | epss 0.05

    Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.