PT-2018-13685 · Circontrol · Circontrol Open Charge Point Protocol

Published: 2018-09-18 · Updated: 2019-10-03 · CVE-2018-16669

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CIRCONTROL Open Charge Point Protocol (OCPP) versions prior to 1.5.0

Description

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) due to the storage of credentials in XML files. This allows an unprivileged user to access the admin credentials of the ocpp and circarlife panels by looking at the /services/config/config.xml file.

Recommendations

For versions prior to 1.5.0, update to version 1.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /services/config/config.xml file to prevent unauthorized users from obtaining the admin credentials.

Exploit

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2018-16669

Affected Products

Circontrol Open Charge Point Protocol