CVE-2017-6565
HIGHFranklin Fueling Systems TS-550 evo 2.3.0.7332 - Unauthenticated Arbitrary File Upload via roleDiag User
Title source: llmDescription
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.
References (2)
Core 2
Core References
Technical Description, Third Party Advisory, URL Repurposed x_refsource_misc
http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems
Third Party Advisory x_refsource_misc
https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2
Scores
CVSS v3
8.8
EPSS
0.0103
EPSS Percentile
59.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
franklinfueling/ts-550_evo_firmware
2.3.0.7332
Published
May 01, 2017
Tracked Since
Feb 18, 2026