CVE-2019-11369

EPSS 7.1%

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/46898unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://drive.google.com/open?id=12Sq6oaxe1mC1y71Emo1YladjDjwTdNfb http://seclists.org/fulldisclosure/2019/Oct/45 https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11369