08 November 2018
Critical vulnerabilities in CirCarLife electric vehicle chargers
Two remotely exploitable vulnerabilities have been identified in CirCarLife electric vehicle chargers manufactured by Circontrol. The vulnerabilities affect all CirCarLife versions prior to 4.3.1.
One vulnerability, CVE-2018-17918, allows an attacker to bypass authentication to the device by entering the URL of a specific page. The second vulnerability, CVE-2018-17922, is caused by the Password Authentication Protocol (PAP) credentials of the device being stored insecurely – in clear text in a log file that is accessible without authentication. An attacker can take advantage of this flaw to bypass the authentication mechanism and perform unauthorized operations, and to access critical information.
Both vulnerabilities have been assigned the highest possible CVSS v.3 base score of 10.
The vendor has fixed the above issues by releasing a new version of the software.
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
23 November 2021
Good old buffer overflow
31 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0
30 March 2021