Vulnerabilities > Carel > Pcoweb Card Firmware > b.2.1.0

DATE CVE VULNERABILITY TITLE RISK
2022-08-31 CVE-2022-37122 Path Traversal vulnerability in Carel products
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability.
network
low complexity
carel CWE-22
7.5
7.5
2019-06-03 CVE-2019-11370 Cross-site Scripting vulnerability in Carel Pcoweb Card Firmware A2.1.0/B.2.1.0/B1.2.1
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
network
low complexity
carel CWE-79
5.4
5.4
2019-06-03 CVE-2019-11369 Insufficiently Protected Credentials vulnerability in Carel Pcoweb Card Firmware A2.1.0/B.2.1.0
An issue was discovered in Carel pCOWeb prior to B1.2.4.
network
low complexity
carel CWE-522
8.8
8.8