Cir-PWN-life is proof of concept for exploiting multiple vulnerabilities affecting Circontrol products in an automated way.
|CVE-2018-12634||CirCarLife Scada < v4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.|
|CVE-2018-16668||CirCarLife Scada < v4.3 internal installation path disclosure.|
|CVE-2018-16669||Due to a clear-text stored credentials, an unprivileged user can gain access to other services with higher privileges exploiting a flaw on Open Charge Point Protocol web implementation. All versions prior to <1.5.0 are vulnerable.|
|CVE-2018-16670||CirCarLife Scada < v4.3 allows remote attackers to obtain the status of PLCs used at charge stations.|
|CVE-2018-16671||CirCarLife Scada < v4.3 allows remote attackers to obtain software and hardware versions.|
|CVE-2018-16672||CirCarLife Scada < v4.3 allows remote authenticated attackers to obtain critical details about the carge station including credentials for GPRS Router.|
|Zoomeye||"Server: CirCarLife Scada"||984|
Bruteforce module can be started entering b as user when it's requested Bruteforce dictionary format -> username:password Default credentials -> admin:1234
- 2018/06/21 - CVE-2018-12634 CVE assigned
- 2018/09/04 - Vendor contacted without response
- 2018/09/06 - CVE-2018-16668 - 16672 CVE assigned
- 2018/09/06 - Spanish government CERT contacted for coordinated disclosure and further contact with the vendor to publish a patch.
- 2018/09/10 - POC published
Last update: 2018/09/10. No patch available