CVE-2018-16669

CRITICAL

CIRCONTROL OCPP <1.5.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in CIRCONTROL Open Charge Point Protocol (OCPP) before 1.5.0, as used in CirCarLife, PowerStudio, and other products. Due to storage of credentials in XML files, an unprivileged user can look at /services/config/config.xml for the admin credentials of the ocpp and circarlife panels.

Exploits (1)

exploitdb WORKING POC

by SadFud · pythonwebappshardware

https://www.exploit-db.com/exploits/45384

View Code ZIP pw:eip

References (2)

[Exploit] https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45384/

Scores

CVSS v3 9.8

EPSS 0.0098

EPSS Percentile 76.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

circontrol/open_charge_point_protocol < 1.5.0

Timeline

Published Sep 18, 2018

Tracked Since Feb 18, 2026