VYPR
Vendor: Carel

Products: 6
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)

  • CVE-2016-0867 | High | Jan 30, 2016
    risk 0.49 | cvss 7.5 | epss 0.02

    CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.

  • CVE-2023-3643 | Jul 12, 2023
    risk 0.06 | cvss - | epss 0.75

    A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit…

  • CVE-2022-37122 | Aug 31, 2022
    risk 0.06 | cvss - | epss 0.18

    Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script…

  • CVE-2019-11369 | Jun 3, 2019
    risk 0.04 | cvss - | epss 0.07

    An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.

  • CVE-2011-3487 | Sep 16, 2011
    risk 0.04 | cvss - | epss 0.07

    Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.

  • CVE-2019-11370 | Jun 3, 2019
    risk 0.03 | cvss - | epss 0.04

    Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.

  • CVE-2022-34827 | Nov 18, 2022
    risk 0.00 | cvss - | epss 0.01

    Carel Boss Mini 1.5.0 has Improper Access Control.

  • CVE-2019-13553 | Oct 25, 2019
    risk 0.00 | cvss - | epss 0.02

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the…

  • CVE-2019-13549 | Oct 25, 2019
    risk 0.00 | cvss - | epss 0.01

    Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning…