Carel
Products (6)
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (9)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0867 | | High | 0.49 | 7.5 | 0.02 | | Jan 30, 2016 | CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. |
| CVE-2023-3643 | | | 0.06 | — | 0.75 | | Jul 12, 2023 | A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit… |
| CVE-2022-37122 | | | 0.06 | — | 0.18 | | Aug 31, 2022 | Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script… |
| CVE-2019-11369 | | | 0.04 | — | 0.07 | | Jun 3, 2019 | An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device. |
| CVE-2011-3487 | | | 0.04 | — | 0.07 | | Sep 16, 2011 | Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| CVE-2019-11370 | | | 0.03 | — | 0.04 | | Jun 3, 2019 | Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. |
| CVE-2022-34827 | | | 0.00 | — | 0.01 | | Nov 18, 2022 | Carel Boss Mini 1.5.0 has Improper Access Control. |
| CVE-2019-13553 | | | 0.00 | — | 0.02 | | Oct 25, 2019 | Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the… |
| CVE-2019-13549 | | | 0.00 | — | 0.01 | | Oct 25, 2019 | Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning… |