Goby/json/CirCarLife-SCADA-4.3-Creden...

{
"Name": "CirCarLife SCADA 4.3 Credential Disclosure",
"Description": "<p>Circontrol is a Spanish manufacturer committed to developing innovative technologies to provide competitive and comprehensive products and solutions for eMobility and parking lot efficiency.</p><p>CirCarLife Scada (all versions under 4.3.0) and the OCPP implementation (all versions under 1.5.0) have an information disclosure vulnerability that leaks information such as logs and configuration.</p>",
"Product": "CirCarLife-Scada",
"Homepage": "https://circontrol.com/",
"DisclosureDate": "2018-09-10",
"Author": "1291904552@qq.com",
"FofaQuery": "banner=\"CirCarLife Scada\"",
"GobyQuery": "banner=\"CirCarLife Scada\"",
"Level": "2",
"Impact": "<p>Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.</p>",
"Recommandation": "<p>The vendor has released a bug fix, please pay attention to the update in time: https://circontrol.com.</p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "CirCarLife SCADA 4.3 版本信息泄露漏洞",
"VulType": ["信息泄露"],
"Description": "<p>Circontrol是一家西班牙制造商坚持开发创新技术为停车场的 eMobility 和效率提供具有竞争力和全面的产品和解决方案。</p><p>CirCarLife SCADA 在1.5.0至4.3.0版本存在信息泄露漏洞,泄露了日志及配置等信息</p>",
"Impact": "<p>攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。</p>",
"Product": "CirCarLife-Scada",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://circontrol.com\">https://circontrol.com</a></p><p>1、部署Web应用防火墙对数据库操作进行监控。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "CirCarLife SCADA 4.3 Credential Disclosure",
"VulType": ["info-disclosure"],
"Description": "<p>Circontrol is a Spanish manufacturer committed to developing innovative technologies to provide competitive and comprehensive products and solutions for eMobility and parking lot efficiency.</p><p>CirCarLife Scada (all versions under 4.3.0) and the OCPP implementation (all versions under 1.5.0) have an information disclosure vulnerability that leaks information such as logs and configuration.</p>",
"Impact": "<p>Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.</p>",
"Product": "CirCarLife-Scada",
"Recommendation":"<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://circontrol.com\">https://circontrol.com/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://www.exploit-db.com/exploits/45384"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "createSelect",
"value": "/html/repository,/services/system/setup.json,/html/log,/services/system/info.html"
}
],
"ExpTips": null,
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"fileread"
],
"VulType": ["infoleak"],
"CVE": "CVE-2018-12634",
"CNNVD": "",
"CNVD": "",
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["CirCarLife-Scada"]
}
}