96 matches found
Carel pCOWeb <B1.2.4 - Cross-Site Scripting
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pwsnmp.html "System contact" field. id: CVE-2019-11370 info: name: Carel pCOWeb B1.2.4 - Cross-Site Scripting author: arafatansari severity: medium description: | Carel pCOWeb prior to B1.2.4 ...
CAREL Boss Mini <= 1.4.0 - Local File Inclusion
Boss Mini 1.4.0 Build 6221 contains a file inclusion caused by manipulation of the 'path' argument in boss/servlet/document, letting remote attackers include arbitrary files, exploit requires remote access. id: CVE-2023-3643 info: name: CAREL Boss Mini = 1.4.0 - Local File Inclusion author:...
Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal
Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosure caused by improper verification of the 'file' GET parameter in logdownload.cgi, letting attackers disclose sensitive files via directory traversal, exploit requires no authentication. id: CVE-2022-37122...
CVE-2022-37122
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...
CAREL Boss / Boss Mini 1.4.0 Path Traversal
Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. Title : Boss...
Exploit for Path Traversal in Carel Pcoweb_Card_Firmware
CVE-2022-37122 Path Traversal Scanner
EUVD-2019-18858
Malware in sbrugna...
EUVD-2019-5004
Malware in sbrugna...
EUVD-2011-3450
Malware in sbrugna...
EUVD-2019-3047
Malware in sbrugna...
EUVD-2022-37733
Malicious code in bioql PyPI...
CVE-2022-34827
Carel Boss Mini 1.5.0 has Improper Access Control...
CVE-2019-11369
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pwchangeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device...
CVE-2019-13549
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on an...
CVE-2019-11370
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pwsnmp.html "System contact" field...
CAREL Boss-Mini
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : CAREL Equipment : Boss-Mini Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...
VulnCheck KEV: CVE-2019-11370
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pwsnmp.html "System contact" field...
Carel Boss Mini Security Vulnerability
Carel Boss Mini is a locally supervised solution for small, medium and large systems from Carel Italia. A security vulnerability exists in Carel Boss Mini version 1.4.0 Build 6221, which stems from the 'path' parameter of boss/servlet/document and can lead to file inclusion...
Carel pCOWeb Security Vulnerability
Carel pCOWeb is a programmable control card. A security vulnerability exists in Carel pCOWeb card BIOS version v6.27, BOOT version v5.00, and web version v2.2. An attacker could use this vulnerability to gain access to the configuration and service interfaces...
CVE-2022-34827
Carel Boss Mini 1.5.0 has Improper Access Control...