HIGH🇬🇧 English

CVE-2023-3643

CVSS 7.3v3.1pub. 2023-07-12upd. 2024-11-21

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Carel Boss Mini

    HW
    Carel
    wszystkie wersje
  • Carel Boss Mini Firmware

    OS
    Carel
    1.4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-34827CRITICAL9.9ten sam produkt

Carel Boss Mini 1.5.0 has Improper Access Control.

CVE-2019-13553CRITICAL9.8ten sam vendor

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...

CVE-2020-18329HIGH7.5ten sam vendor

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allo...

CVE-2022-37122HIGH7.5ten sam vendor

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 ...

CVE-2019-13549HIGH7.5ten sam vendor

Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentic...