ICSA-18-305-03 · Published 2018-11-01 · View on CISA ICS-CERT ↗

Circontrol CirCarLife

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials stored in clear text to bypass authentication, and see and access critical information.

CVEs (2)

CVE-2018-17918 CVE-2018-17922

Remediations

Circontrol has released a new version of the software that is available at (login required):

Affected Vendors

Circontrol

Affected Products (1)

Circontrol · CirCarLife < 4.3.1

Affected Sectors

Transportation Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more