MEDIUM🇬🇧 English

CVE-2019-11370

CVSS 5.4v3.0pub. 2019-06-03upd. 2024-11-21

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Carel Pcoweb Card

    HW
    Carel
    wszystkie wersje
  • Carel Pcoweb Card Firmware

    OS
    Carel
    < b1.2.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-37122HIGH7.5ten sam produkt

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 ...

CVE-2019-11369HIGH8.8ten sam produkt

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores clea...

CVE-2019-9484HIGH7.5ten sam produkt

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attacker...

CVE-2022-34827CRITICAL9.9ten sam vendor

Carel Boss Mini 1.5.0 has Improper Access Control.

CVE-2019-13553CRITICAL9.8ten sam vendor

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...