An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCarel Pcoweb Card
HWCarelwszystkie wersjeCarel Pcoweb Card Firmware
OSCarel< b1.2.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2022-37122HIGH7.5ten sam produkt
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 ...
CVE-2019-9484HIGH7.5ten sam produkt
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attacker...
CVE-2019-11370MEDIUM5.4ten sam produkt
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System ...
CVE-2022-34827CRITICAL9.9ten sam vendor
Carel Boss Mini 1.5.0 has Improper Access Control.
CVE-2019-13553CRITICAL9.8ten sam vendor
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...