Vulnerabilities > Carel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-12 | CVE-2023-3643 | Unspecified vulnerability in Carel Boss Mini Firmware 1.4.0 A vulnerability was found in Boss Mini 1.4.0 Build 6221. | 9.8 |
| 2023-01-26 | CVE-2020-18329 | Improper Preservation of Permissions vulnerability in Carel Pcoweb Card Bios, Pcoweb Card Boot and Pcoweb Card web An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface. | 7.5 |
| 2022-11-18 | CVE-2022-34827 | Unspecified vulnerability in Carel Boss Mini Firmware 1.5.0 Carel Boss Mini 1.5.0 has Improper Access Control. | 9.9 |
| 2022-08-31 | CVE-2022-37122 | Path Traversal vulnerability in Carel products Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. | 7.5 |
| 2019-10-25 | CVE-2019-13553 | Use of Hard-coded Credentials vulnerability in Carel Pcoweb Firmware A1.5.3/A2.0.4/B1.2.4 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. | 9.8 |
| 2019-10-25 | CVE-2019-13549 | Missing Authentication for Critical Function vulnerability in Carel Pcoweb Firmware A1.5.3/A2.0.4/B1.2.4 Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. | 7.5 |
| 2019-06-03 | CVE-2019-11370 | Cross-site Scripting vulnerability in Carel Pcoweb Card Firmware A2.1.0/B.2.1.0/B1.2.1 Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. | 5.4 |
| 2019-06-03 | CVE-2019-11369 | Insufficiently Protected Credentials vulnerability in Carel Pcoweb Card Firmware A2.1.0/B.2.1.0 An issue was discovered in Carel pCOWeb prior to B1.2.4. | 8.8 |
| 2019-03-01 | CVE-2019-9484 | Missing Authentication for Critical Function vulnerability in Carel Pcoweb Card Firmware The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode." | 7.5 |
| 2016-01-30 | CVE-2016-0867 | Information Exposure vulnerability in Carel Plantvisor Enhanced CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. | 7.5 |