Vulnerabilities > Carel > Pcoweb Card Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2019-11370 Cross-site Scripting vulnerability in Carel Pcoweb Card Firmware
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
network
carel CWE-79
3.5
3.5
2019-06-03 CVE-2019-11369 Insufficiently Protected Credentials vulnerability in Carel Pcoweb Card Firmware
An issue was discovered in Carel pCOWeb prior to B1.2.4.
network
low complexity
carel CWE-522
4.0
4.0
2019-03-01 CVE-2019-9484 Missing Authentication for Critical Function vulnerability in Carel Pcoweb Card Firmware
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."
network
low complexity
carel CWE-306
7.5
7.5