Lucene search

[email protected]NVD:CVE-2020-18329

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2020-18329

2023-01-2621:15:18

CWE-281

[email protected]

web.nvd.nist.gov

rehau devices

unauthenticated access

configuration

service interface

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

Affected configurations

NVD

Node

carelpcoweb_card_webMatch2.2

carelpcoweb_card_biosMatch6.27

carelpcoweb_card_bootMatch5.00

References

github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md

medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

50.2%

JSON

Related for NVD:CVE-2020-18329

cvelist1 prion1 cve1