CVE-2020-18329

Published: Jan 26, 2023Modified: Apr 2, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

Affected (3)

Products: Carel: Pcoweb Card Bios, Pcoweb Card Boot, Pcoweb Card Web

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Carel Pcoweb Card Bios	Version 6.27
Carel Pcoweb Card Boot	Version 5.00
Carel Pcoweb Card Web	Version 2.2

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md

Source: cve@mitre.org

Third Party Advisory

https://medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694

Source: cve@mitre.org

https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.