The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain access via an HTTP session on port 10000, as demonstrated by reading the modem password (which is 1234), or reconfiguring "party mode" or "vacation mode."
Published 2019-03-01 07:29:00
Updated 2020-08-24 17:37:01
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-9484

0.68%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-9484

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
NIST
7.5
HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
NIST

CWE ids for CVE-2019-9484

Vendor statements for CVE-2019-9484

  • Glen Dimplex Deutschland GmbH 2020-05-29
    Glen Dimplex Deutschland GmbH does not deliver the Carel pCOweb card with an open port 10000 or 10001. The shown password ‘1234’ on the webpage is not being used in any current application. It was being used in former times together with a connection via modem, this is not realized anymore. More details to the current application: www.dimplex.de/wiki.

References for CVE-2019-9484

Products affected by CVE-2019-9484

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!