Lucene search

MitreCVE-2020-18329

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2020-18329

2023-01-2621:15:18

CWE-281

mitre

web.nvd.nist.gov

rehau

pcoweb

bios

cve-2020-18329

security

vulnerability

unauthenticated access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

Affected configurations

Nvd

Node

carelpcoweb_card_webMatch2.2

carelpcoweb_card_biosMatch6.27

carelpcoweb_card_bootMatch5.00

VendorProductVersionCPE
carelpcoweb_card_web2.2cpe:2.3:a:carel:pcoweb_card_web:2.2:*:*:*:*:*:*:*
carelpcoweb_card_bios6.27cpe:2.3:o:carel:pcoweb_card_bios:6.27:*:*:*:*:*:*:*
carelpcoweb_card_boot5.00cpe:2.3:o:carel:pcoweb_card_boot:5.00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
carel	pcoweb_card_web	2.2	cpe:2.3:a:carel:pcoweb_card_web:2.2:::::::*
carel	pcoweb_card_bios	6.27	cpe:2.3:o:carel:pcoweb_card_bios:6.27:::::::*
carel	pcoweb_card_boot	5.00	cpe:2.3:o:carel:pcoweb_card_boot:5.00:::::::*

References

github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md

medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.7

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Related for CVE-2020-18329