CVE-2017-6565

HIGH

Franklin Fueling Systems TS-550 evo 2.3.0.7332 - Unauthenticated Arbitrary File Upload via roleDiag User

Title source: llm
STIX 2.1

Description

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.

References (2)

Core 2
Core References
Technical Description, Third Party Advisory, URL Repurposed x_refsource_misc
http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems

Scores

CVSS v3 8.8
EPSS 0.0103
EPSS Percentile 59.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
franklinfueling/ts-550_evo_firmware 2.3.0.7332
Published May 01, 2017
Tracked Since Feb 18, 2026