CVE-2019-11370 Scanner
Detects a 'Cross-Site Scripting (XSS)' vulnerability in Carel pCOWeb affecting versions prior to B1.2.4.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
The Carel pCOWeb is a product used for monitoring and remotely controlling HVAC (heating, ventilation and air conditioning) systems. It provides real-time monitoring, dynamic management, and remote programming of HVAC systems, giving the user full control over their equipment. The pCOWeb is widely used in various industries, including data centers, hospitals, commercial buildings, and pharmaceutical companies, ensuring efficient energy consumption and comfortable indoor environments.
CVE-2019-11370 is a critical vulnerability discovered in Carel pCOWeb prior to B1.2.4. It affects the "System contact" field on config/pw_snmp.html, which is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious code into the web page, which can lead to the theft of sensitive data, such as passwords or personal information, or a complete takeover of the HVAC system.
If exploited, the CVE-2019-11370 vulnerability can have severe consequences for the organization using the pCOWeb, including data theft, loss of control over the HVAC system, or a complete system shutdown. This can cause significant financial and reputational damage, as well as jeopardizing the safety and well-being of the people using the facility.
Thanks to the pro features of the s4e.io platform, organizations can easily and quickly identify vulnerabilities in their digital assets. With a comprehensive vulnerability scanning and reporting system, S4E offers robust solutions for identifying and mitigating security risks, ensuring the safety and security of your organization's digital assets. Don't wait until it's too late – protect your systems today with S4E.