Lucene search
K

56 matches found

Nuclei
Nuclei
added yesterday42 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal

Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication. id: CVE-2022-37122...

7.5CVSS7AI score0.19669EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.8 views

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.5CVSS6.9AI score0.19669EPSS
Exploits3References1
GithubExploit
GithubExploit
added 2025/10/12 2:1 a.m.176 views

Exploit for Path Traversal in Carel Pcoweb_Card_Firmware

CVE-2022-37122 Path Traversal Scanner !Bannerhttps://raw.g...

7.5CVSS7.3AI score0.19669EPSS
Exploits3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3047

Malware in sbrugna...

8.8CVSS8.8AI score0.07058EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:12 a.m.7 views

CVE-2019-11369

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pwchangeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device...

8.8CVSS6.3AI score0.07058EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.15 views

CVE-2019-13549

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...

7.5CVSS7.2AI score0.01035EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 a.m.9 views

CVE-2019-11370

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pwsnmp.html "System contact" field...

5.4CVSS5.8AI score0.03977EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-11370

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pwsnmp.html "System contact" field...

5.4CVSS6AI score0.03977EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.2 views

Carel pCOWeb 安全漏洞

Carel pCOWeb is a programmable control card. A security vulnerability exists in Carel pCOWeb card BIOS version v6.27, BOOT version v5.00, and web version v2.2. An attacker could use this vulnerability to gain access to the configuration and service interfaces...

7.5CVSS7.4AI score0.00934EPSS
Exploits0References3
NVD
NVD
added 2022/08/31 4:15 p.m.30 views

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.5CVSS0.19669EPSS
Exploits3References3
OSV
OSV
added 2022/08/31 4:15 p.m.5 views

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.5CVSS5.8AI score0.19669EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2022/08/31 4:15 p.m.5 views

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.5CVSS7.1AI score0.19669EPSS
Exploits3References5
Prion
Prion
added 2022/08/31 4:15 p.m.18 views

Directory traversal

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

5CVSS7.5AI score0.19669EPSS
Exploits3References3Affected Software3
Cvelist
Cvelist
added 2022/08/31 3:47 p.m.33 views

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.6AI score0.19669EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.5 views

PT-2022-23822

Name of the Vulnerable Software and Affected Versions Carel pCOWeb HVAC BACnet Gateway versions 2.1.0, Firmware A2.1.0 through B2.1.0, Application Software 2.15.4A Software v16 13020200 Description The Carel pCOWeb HVAC BACnet Gateway is affected by an unauthenticated arbitrary file disclosure...

7.5CVSS7.5AI score0.19669EPSS
Exploits3References7
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.6 views

Carel pCOWeb HVAC BACnet Gateway 路径遍历漏洞

Carel pCOWeb is a programmable control card. A security vulnerability exists in Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware versions A2.1.0 - B2.1.0, Application Software version 2.15.4A, and Software v16 13020200, which stems from the presence of an unauthenticated Arbitrary File Disclosure...

7.5CVSS6.8AI score0.19669EPSS
Exploits3References4
0day.today
0day.today
added 2022/07/31 12:0 a.m.251 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Vulnerability

Exploit Title: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Exploit Author: LiquidWorm Vendor: CAREL INDUSTRIES S.p.A. Product web page: https://www.carel.com Affected version: Firmware: A2.1.0 - B2.1.0 Application Software: 2.15.4A Software version: v16 13020200 Summary: pCO...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2022/07/29 12:0 a.m.330 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal

Exploit Title: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Directory Traversal Exploit Author: LiquidWorm Vendor: CAREL INDUSTRIES S.p.A. Product web page: https://www.carel.com Affected version: Firmware: A2.1.0 - B2.1.0 Application Software: 2.15.4A Software version: v16 13020200 Summary: pCO...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/01 12:0 a.m.244 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal

Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal Vendor: CAREL INDUSTRIES S.p.A. Product web page: https://www.carel.com Affected version: Firmware: A2.1.0 - B2.1.0 Application Software: 2.15.4A Software version: v16 13020200 Summary: pCO sistema is the solution CAREL...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/07/01 12:0 a.m.366 views

Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal Vulnerability

Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the logdownload.cgi bash script is not properly verified before being used to download log files. This can be exploited to...

7.2AI score
Exploits0
Rows per page
Query Builder