← Back

Carel

carel

11 CVEs • 12 products

Products (12)

Click to collapse
Toggle
Pcoweb Card Firmware
pcoweb_card_firmware
4 CVEs
Pcoweb Firmware
pcoweb_firmware
2 CVEs
Boss Mini Firmware
boss_mini_firmware
2 CVEs
Plantvisor
plantvisor
1 CVE
Plantvisor Enhanced
plantvisor_enhanced
1 CVE
Applica
applica
1 CVE
Pcoweb Hvac Bacnet Gateway
pcoweb_hvac_bacnet_gateway
1 CVE
Pcoweb Card Web
pcoweb_card_web
1 CVE
Pcoweb Card Bios
pcoweb_card_bios
1 CVE
Pcoweb Card Boot
pcoweb_card_boot
1 CVE
Pcoweb Card
pcoweb_card
0 CVEs
Boss Mini
boss_mini
0 CVEs

CVEs (11)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-3643
1Carel
1Boss Mini Firmware
Nov 21, 2024
Jul 12, 2023
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion....Show more
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.Show less
CVE-2020-18329
1Carel
3Pcoweb Card Bios
Pcoweb Card BootPcoweb Card Web
Apr 2, 2025
Jan 26, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.
CVE-2022-34827
1Carel
1Boss Mini Firmware
Apr 29, 2025
Nov 18, 2022
N/A· v4
9.9 CRITICAL· v3
N/A· v2
Carel Boss Mini 1.5.0 has Improper Access Control.
CVE-2022-37122
1Carel
3Applica
Pcoweb Card FirmwarePcoweb Hvac Bacnet Gateway
Nov 21, 2024
Aug 31, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'fi...Show more
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.Show less
CVE-2019-13553
1Carel
1Pcoweb Firmware
Nov 21, 2024
Oct 25, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow...Show more
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point.Show less
CVE-2019-13549
1Carel
1Pcoweb Firmware
Nov 21, 2024
Oct 25, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized con...Show more
Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication.Show less
CVE-2019-11370
1Carel
1Pcoweb Card Firmware
Nov 21, 2024
Jun 3, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field.
CVE-2019-11369
1Carel
1Pcoweb Card Firmware
Nov 21, 2024
Jun 3, 2019
N/A· v4
8.8 HIGH· v3
4.0 MEDIUM· v2
An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
CVE-2019-9484
1Carel
1Pcoweb Card Firmware
Jun 17, 2026
Mar 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is...Show more
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."Show less
CVE-2016-0867
1Carel
1Plantvisor Enhanced
May 6, 2026
Jan 30, 2016
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request.
CVE-2011-3487
1Carel
1Plantvisor
Apr 29, 2026
Sep 16, 2011
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.