| CVE-2018-12634 | CirCarLife Scada < v4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | POC |

| CVE-2018-16668 | CirCarLife Scada < v4.3 internal installation path disclosure. | POC |

| CVE-2018-16669 | Due to a clear-text stored credentials, an unprivileged user can gain access to other services with higher privileges exploiting a flaw on Open Charge Point Protocol web implementation. All versions prior to <1.5.0 are vulnerable. | POC |

| CVE-2018-16670 | CirCarLife Scada < v4.3 allows remote attackers to obtain the status of PLCs used at charge stations. | POC |

| CVE-2018-16671 | CirCarLife Scada < v4.3 allows remote attackers to obtain software and hardware versions. | POC |

| CVE-2018-16672 | CirCarLife Scada < v4.3 allows remote authenticated attackers to obtain critical details about the carge station including credentials for GPRS Router. | POC |

| CVE-2018-7812 | An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200. | POC |