Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Pcoweb Card Firmware Security Vulnerabilities

cve
cve

CVE-2019-11369

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.

8.8CVSS

8.2AI Score

0.069EPSS

2019-06-03 08:29 PM
66
cve
cve

CVE-2019-11370

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

5.4CVSS

5.1AI Score

0.17EPSS

2019-06-03 08:29 PM
64
cve
cve

CVE-2019-9484

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."

7.5CVSS

7.6AI Score

0.007EPSS

2019-03-01 07:29 AM
27
cve
cve

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly ver...

7.5CVSS

7.4AI Score

0.015EPSS

2022-08-31 04:15 PM
27
4