CVE-2018-12634

CRITICAL NUCLEI

CirCarLife Scada <4.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-12634. PoCs published by SadFud. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit targets CirCarLife SCADA systems (versions < 4.3.0) and PsiOcppApp (versions < 1.5.0) to disclose sensitive information, including admin credentials, via multiple endpoints. It leverages CVE-2018-12634 and related CVEs to extract software versions, PLC statuses, installation paths, and GPRS modem details.

Description

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.

Exploits (1)

exploitdb WORKING POC

by SadFud · pythonwebappshardware

https://www.exploit-db.com/exploits/45384

View Code ZIP pw:eip

This exploit targets CirCarLife SCADA systems (versions < 4.3.0) and PsiOcppApp (versions < 1.5.0) to disclose sensitive information, including admin credentials, via multiple endpoints. It leverages CVE-2018-12634 and related CVEs to extract software versions, PLC statuses, installation paths, and GPRS modem details.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: CirCarLife SCADA < 4.3.0, PsiOcppApp < 1.5.0

No auth needed

Prerequisites: Network access to the target system · Exposed endpoints (e.g., /html/log, /services/system/info.html)

MITRE ATT&CK

T1592 - Gather Victim Host Information T1087 - Account Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

CirCarLife Scada <4.3 - System Log Exposure

CRITICALby geeknik

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45384/

Third Party Advisory x_refsource_misc

https://www.seebug.org/vuldb/ssvid-97353

Third Party Advisory x_refsource_misc

https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.5774

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-200

Status published

Products (1)

circontrol/circarlife_scada < 4.3

Published Jun 22, 2018

Tracked Since Feb 18, 2026