PT-2019-12262 · Carel · Pcoweb
Publicado
2019-06-03
·
Atualizado
2020-08-24
·
CVE-2019-11369
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Carel pCOWeb versions prior to B1.2.4
Description
An issue in Carel pCOWeb allows the device to store cleartext passwords in the /config/pw changeusers.html file, potentially enabling someone with access to the device to read sensitive information.
Recommendations
For versions prior to B1.2.4, update to version B1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /config/pw changeusers.html file to minimize the risk of exploitation.
Exploit
Correção
Insufficiently Protected Credentials
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Pcoweb