Описание
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
Ссылки
- Exploit
- ExploitThird Party AdvisoryVDB Entry
- Exploit
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 1.5.0 (исключая)
cpe:2.3:a:circontrol:open_charge_point_protocol:*:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00984
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.
EPSS
Процентиль: 76%
0.00984
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-522