CVE-2020-18329

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:carel:pcoweb_card_web:2.2:*:*:*:*:*:*:*
cpe:2.3:o:carel:pcoweb_card_bios:6.27:*:*:*:*:*:*:*
cpe:2.3:o:carel:pcoweb_card_boot:5.00:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en dispositivos Rehau que utilizan una tarjeta pCOWeb BIOS v6.27, BOOT v5.00, versión web v2.2, que permite a los atacantes obtener acceso completo no autenticado a la interfaz de configuración y servicio.
References () https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md - Third Party Advisory () https://github.com/cybertoxin/CVEs/blob/main/CVE_2020_18329.md - Third Party Advisory
References () https://medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694 - () https://medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694 -

07 Nov 2023, 03:19

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694', 'name': 'https://medium.com/@SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40SergiuSechel/insecure-permissions-in-rehau-group-unlimited-polymer-solutions-implementation-of-carel-pcoweb-514c148ae694 -

Information

Published : 2023-01-26 21:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-18329

Mitre link : CVE-2020-18329

CVE.ORG link : CVE-2020-18329


JSON object : View

Products Affected

carel

  • pcoweb_card_web
  • pcoweb_card_boot
  • pcoweb_card_bios
CWE
CWE-281

Improper Preservation of Permissions