Vulnerability Details CVE-2019-9484
The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-9484
-
cpe:2.3:h:carel:pcoweb_card:-
-
cpe:2.3:o:carel:pcoweb_card_firmware:-