circontrol 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に パス処理の欠陥 and バッファオーバーフロー などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-8006 | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format. | [email protected] | 8.8 | 0.22% | 2024-04-12 | 2025-11-04 |
| CVE-2018-17922 | Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. | [email protected] | 9.8 | 2.33% | 2018-11-02 | 2024-11-21 |
| CVE-2018-17918 | Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | [email protected] | 9.8 | 2.91% | 2018-11-02 | 2024-11-21 |
| CVE-2018-16672 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. Due to the storage of multiple sensitive information elements in a JSON format at /services/system/setup.json, an authenticated but unprivileged user can exfiltrate critical setup information. | [email protected] | 6.5 | 1.22% | 2018-09-26 | 2024-11-21 |
| CVE-2018-16671 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is system software information disclosure due to lack of authentication for /html/device-id. | [email protected] | 5.3 | 42.49% | 2018-09-18 | 2024-11-21 |
| CVE-2018-16670 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is PLC status disclosure due to lack of authentication for /html/devstat.html. | [email protected] | 5.3 | 45.58% | 2018-09-18 | 2024-11-21 |
| CVE-2018-16669 | An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels. | [email protected] | 9.8 | 0.93% | 2018-09-18 | 2024-11-21 |
| CVE-2018-16668 | An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. | [email protected] | 5.3 | 52.18% | 2018-09-18 | 2024-11-21 |
| CVE-2018-12635 | CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. | [email protected] | 7.5 | 0.24% | 2018-06-22 | 2024-11-21 |
| CVE-2018-12634 | CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | [email protected] | 9.8 | 92.45% | 2018-06-22 | 2024-11-21 |