cbcvebase.
CVE-2019-11370
published 2019-06-03

CVE-2019-11370: Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

Priority: P278
Severity: medium, 5.4 (CVSS 3.0)
Vector: AV:N AC:L PR:L UI:R S:C C:L I:L A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 3.98% (89.2th percentile)

Affected

1 range
Vendor   Product                 Version range   Fixed in
carel    pcoweb_card_firmware    < b1.2.4        b1.2.4

Detection & IOCs (extracted from sources)

url: /config/pw_snmp.html
command: %3Fscript%3Asetdb%28%27snmp%27%2C%27syscontact%27%29=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E
sigma
title: Carel pCOWeb Stored XSS CVE-2019-11370
logsource:
  category: webserver   # assumed log source, not part of the original rule
detection:
  keywords:
    - 'alert(document.domain)'
  condition: keywords   # the original read 'condition: and', which names no selection and is not valid Sigma
# digest: 490a004630440220323529b4f284791ba73344bbfd89893004b000620e9b2cb098f4d694c00b752602201a1a5dfcd1dbd9e9868f40b5ae90c554548bc4812f63a052c40a0f70d7f73aa1:922c64590222798bb761d5b6d8e72950
  • Monitor HTTP POST requests to /config/pw_snmp.html targeting the 'syscontact' parameter for script injection payloads (e.g., URL-encoded '<script>' tags or 'alert(' strings).
  • The XSS payload is stored in the SNMP 'System contact' field; inspect stored values in that field for embedded script tags or JavaScript event handlers.
  • The vulnerability affects Carel pCOWeb firmware versions prior to B1.2.4 only; patched devices running B1.2.4 or later are not affected.

CVSS provenance

nvd        v3.0   5.4   MEDIUM   CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd        v2.0   3.5   LOW      AV:N/AC:M/Au:S/C:N/I:P/A:N
vulncheck         5.4   MEDIUM