Vulnerabilities (CVE)

Filtered by vendor Carlosgavazzi Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5146 1 Carlosgavazzi 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
CVE-2017-5145 1 Carlosgavazzi 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more 2024-11-21 7.5 HIGH 10.0 CRITICAL
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.
CVE-2017-5144 1 Carlosgavazzi 4 Vmu-c Em, Vmu-c Em Firmware, Vmu-c Pv and 1 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication.
CVE-2012-6428 1 Carlosgavazzi 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware 2024-11-21 10.0 HIGH N/A
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
CVE-2012-6427 1 Carlosgavazzi 2 Eos-box Photovoltaic Monitoring System, Eos-box Photovoltaic Monitoring System Firmware 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.