Cir-PWN-life is proof of concept for exploiting multiple vulnerabilities affecting Circontrol products in an automated way.
| CVE | Description |
|---|---|
| CVE-2018-12634 | CirCarLife Scada < v4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. |
| CVE-2018-16668 | CirCarLife Scada < v4.3 internal installation path disclosure. |
| CVE-2018-16669 | Due to a clear-text stored credentials, an unprivileged user can gain access to other services with higher privileges exploiting a flaw on Open Charge Point Protocol web implementation. All versions prior to <1.5.0 are vulnerable. |
| CVE-2018-16670 | CirCarLife Scada < v4.3 allows remote attackers to obtain the status of PLCs used at charge stations. |
| CVE-2018-16671 | CirCarLife Scada < v4.3 allows remote attackers to obtain software and hardware versions. |
| CVE-2018-16672 | CirCarLife Scada < v4.3 allows remote authenticated attackers to obtain critical details about the carge station including credentials for GPRS Router. |
| Engine | Dork | Results |
|---|---|---|
| Shodan | Server: CirCarLife | 506 |
| Shodan | Server: PsiOcppApp | 1057 |
| Zoomeye | "Server: CirCarLife Scada" | 984 |
Bruteforce module can be started entering b as user when it's requested Bruteforce dictionary format -> username:password Default credentials -> admin:1234
- 2018/06/21 - CVE-2018-12634 CVE assigned
- 2018/09/04 - Vendor contacted without response
- 2018/09/06 - CVE-2018-16668 - 16672 CVE assigned
- 2018/09/06 - Spanish government CERT contacted for coordinated disclosure and further contact with the vendor to publish a patch.
- 2018/09/10 - POC published
Last update: 2018/09/10. No patch available