HIGH🇬🇧 English

CVE-2019-11369

CVSS 8.8v3.0pub. 2019-06-03upd. 2024-11-21

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Carel Pcoweb Card

    HW
    Carel
    wszystkie wersje
  • Carel Pcoweb Card Firmware

    OS
    Carel
    < b1.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-37122HIGH7.5ten sam produkt

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 ...

CVE-2019-9484HIGH7.5ten sam produkt

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attacker...

CVE-2019-11370MEDIUM5.4ten sam produkt

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System ...

CVE-2022-34827CRITICAL9.9ten sam vendor

Carel Boss Mini 1.5.0 has Improper Access Control.

CVE-2019-13553CRITICAL9.8ten sam vendor

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...

CVE-2019-11369 — HIGH 8.8 | CVEbaza.pl