Vulnerabilities > CVE-2020-18329 - Improper Preservation of Permissions vulnerability in Carel Pcoweb Card Bios, Pcoweb Card Boot and Pcoweb Card web

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

carel

CWE-281

NVD

Published: 2023-01-26

Updated: 2023-11-07

Summary

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

Vulnerable Configurations

Part	Description	Count
Application	Carel Carel Pcoweb Card WEB 2.2	1
OS	Carel Carel Pcoweb Card Boot 5.00 Carel Pcoweb Card Bios 6.27	2

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md
https://medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694