VYPR

pCOWeb

by Carel

CVEs (3)

  • CVE-2019-11369Jun 3, 2019
    risk 0.04cvss epss 0.07

    An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.

  • CVE-2019-11370Jun 3, 2019
    risk 0.03cvss epss 0.04

    Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

  • CVE-2019-13553Oct 25, 2019
    risk 0.00cvss epss 0.02

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the…