Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11369 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2019-9484 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | |||||
| CVE-2019-11370 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2019-06-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. | |||||