HIGH🇬🇧 English

CVE-2019-9484

CVSS 7.5v3.0pub. 2019-03-01upd. 2024-11-21

The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Carel Pcoweb Card

    HW
    Carel
    wszystkie wersje
  • Carel Pcoweb Card Firmware

    OS
    Carel
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-37122HIGH7.5ten sam produkt

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 ...

CVE-2019-11369HIGH8.8ten sam produkt

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores clea...

CVE-2019-11370MEDIUM5.4ten sam produkt

Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System ...

CVE-2022-34827CRITICAL9.9ten sam vendor

Carel Boss Mini 1.5.0 has Improper Access Control.

CVE-2019-13553CRITICAL9.8ten sam vendor

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...