Carel Pcoweb Card Firmware vulnerabilities
3 known vulnerabilities affecting carel/pcoweb_card_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-11370P2MEDIUMCVSS 5.4ExploitedPoCfixed in b1.2.42019-06-03
CVE-2019-11370 [MEDIUM] CWE-79 CVE-2019-11370: Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.htm
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
nvd
CVE-2022-37122P2HIGHCVSS 7.5PoC≥ a2.1.0, ≤ b.2.1.02022-08-31
CVE-2022-37122 [HIGH] CWE-22 CVE-2022-37122: Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Sof
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can
nvd
CVE-2019-11369P3HIGHCVSS 8.8PoCfixed in b1.2.12019-06-03
CVE-2019-11369 [HIGH] CWE-522 CVE-2019-11369: An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device s
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
nvd