Filtered by vendor Carel
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-18329 | 1 Carel | 3 Pcoweb Card Bios, Pcoweb Card Boot, Pcoweb Card Web | 2023-02-03 | N/A | 7.5 HIGH |
| An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface. | |||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2022-11-23 | N/A | 9.9 CRITICAL |
| Carel Boss Mini 1.5.0 has Improper Access Control. | |||||
| CVE-2019-9484 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | |||||
| CVE-2019-11369 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2020-08-24 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. | |||||
| CVE-2019-13549 | 2 Carel, Rittal | 2 Pcoweb Firmware, Chiller Sk 3232 | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. | |||||
| CVE-2019-13553 | 2 Carel, Rittal | 2 Pcoweb Firmware, Chiller Sk 3232 | 2020-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. | |||||
| CVE-2019-11370 | 1 Carel | 2 Pcoweb Card, Pcoweb Card Firmware | 2019-06-04 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. | |||||
| CVE-2011-3487 | 1 Carel | 1 Plantvisor | 2017-09-15 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. | |||||
| CVE-2016-0867 | 1 Carel | 1 Plantvisor Enhanced | 2016-03-01 | 7.8 HIGH | 7.5 HIGH |
| CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | |||||