PT-2018-11299 · Circarlife · Circarlife Scada

Published: 2018-06-22 · Updated: 2018-08-10 · CVE-2018-12635

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

CirCarLife Scada version 4.2.4

Description

The issue allows unauthorized upgrades through specific requests. This can be achieved by sending requests to the "html/upgrade.html" and "services/system/firmware.upgrade" API endpoints.

Recommendations

For CirCarLife Scada version 4.2.4, restrict access to the "html/upgrade.html" and "services/system/firmware.upgrade" API endpoints to prevent unauthorized upgrades.
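One way to check that the restriction holds in practice, as an added example that is not part of the advisory or the vendor's software: a log audit that flags requests to the two endpoints from outside a management network, normalizing the path first so that encoded or padded variants are not missed. It assumes a Common Log Format access log from a reverse proxy in front of the device and a management subnet of 10.20.0.0/24; the log lines, addresses and request methods are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Endpoints named in the advisory.
UPGRADE_PATHS = {"/html/upgrade.html", "/services/system/firmware.upgrade"}
# Assumption: only this management subnet may reach the upgrade endpoints.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: proxy access log in Common Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.20.0.15 - - [22/Jun/2018:10:00:01 +0000] "GET /html/upgrade.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Jun/2018:10:02:13 +0000] "GET /services/system/firmware.upgrade HTTP/1.1" 200 64',
    '198.51.100.7 - - [22/Jun/2018:10:02:40 +0000] "GET /html/index.html HTTP/1.1" 200 2048',
    '203.0.113.9 - - [22/Jun/2018:10:05:02 +0000] "GET //html/./%75pgrade.html?x=1 HTTP/1.1" 403 0',
]

def normalize(target):
    """Canonical path: drop query/fragment, percent-decode once, collapse
    '//', '/./' and '/../', lowercase (conservative: may over-match)."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return "/" + posixpath.normpath(path).lstrip("/").lower()

def is_allowed(ip_text):
    """True only for a parseable source address inside ALLOWED_NETS."""
    try:
        src = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(src in net for net in ALLOWED_NETS)

def unauthorized_upgrade_requests(lines):
    """Return (source, path, status) for upgrade-endpoint requests from
    outside the allowed networks, whatever the method or response code."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        if path in UPGRADE_PATHS and not is_allowed(m["ip"]):
            hits.append((m["ip"], path, int(m["status"])))
    return hits

if __name__ == "__main__":
    for hit in unauthorized_upgrade_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status means the request reached the endpoint from an unapproved source; a 403 hit shows the restriction working but still records an attempt worth reviewing.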

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2018-12635

Affected Products

Circarlife Scada