CVE-2019-11369

An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords, which may allow sensitive information to be read by someone with access to the device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2019/Oct/45
https://drive.google.com/open?id=12Sq6oaxe1mC1y71Emo1YladjDjwTdNfb
https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11369
http://seclists.org/fulldisclosure/2019/Oct/45
https://drive.google.com/open?id=12Sq6oaxe1mC1y71Emo1YladjDjwTdNfb
https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11369