This page lists publicly disclosed CVE vulnerabilities affecting computrols computrols_building_automation_software (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-10848 | Computrols CBAS 18.0.0 allows Username Enumeration. | [email protected] | 5.3 | 4.96% | 2019-05-24 | 2024-11-21 |
| CVE-2019-10847 | Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | [email protected] | 8.8 | 0.44% | 2019-05-24 | 2024-11-21 |
| CVE-2019-10850 | Computrols CBAS 18.0.0 has Default Credentials. | [email protected] | 9.8 | 0.39% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10849 | Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure. | [email protected] | 7.5 | 11.54% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10855 | Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database. | [email protected] | 7.5 | 0.15% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10854 | Computrols CBAS 18.0.0 allows Authenticated Command Injection. | [email protected] | 8.8 | 16.13% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10853 | Computrols CBAS 18.0.0 allows Authentication Bypass. | [email protected] | 8.1 | 0.43% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10852 | Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | [email protected] | 8.8 | 0.12% | 2019-05-23 | 2024-11-21 |
| CVE-2019-10851 | Computrols CBAS 18.0.0 has hard-coded encryption keys. | [email protected] | 6.5 | 0.12% | 2019-05-23 | 2024-11-21 |