PT-2019-12262 · Carel · Pcoweb
Published
2019-06-03
·
Updated
2020-08-24
·
CVE-2019-11369
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Carel pCOWeb versions prior to B1.2.4
Description
An issue in Carel pCOWeb allows the device to store cleartext passwords in the /config/pw changeusers.html file, potentially enabling someone with access to the device to read sensitive information.
Recommendations
For versions prior to B1.2.4, update to version B1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the /config/pw changeusers.html file to minimize the risk of exploitation.
Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pcoweb