CVE-2022-37122
- EPSS 58.5%
- Veröffentlicht 31.08.2022 16:15:11
- Zuletzt bearbeitet 21.11.2024 07:14:29
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the ...
CVE-2019-11369
- EPSS 8.11%
- Veröffentlicht 03.06.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:58
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2019-11370
- EPSS 7.62%
- Veröffentlicht 03.06.2019 20:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:58
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
CVE-2019-9484
- EPSS 0.28%
- Veröffentlicht 01.03.2019 07:29:00
- Zuletzt bearbeitet 21.11.2024 04:51:42
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party...