Description
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://drive.google.com/open?id=12Sq6oaxe1mC1y71Emo1YladjDjwTdNfb
Exploit, Third Party Advisory x_refsource_misc
https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11369
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Oct/45
Scores
CVSS v3: 8.8
EPSS: 0.0797
EPSS Percentile: 92.1%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-522
Status: published
Products (1): carel/pcoweb_card_firmware < b1.2.1
Published: Jun 03, 2019
Tracked Since: Feb 18, 2026