CVE-2019-11370 Scanner

The Carel pCOWeb is a product used for monitoring and remotely controlling HVAC (heating, ventilation and air conditioning) systems. It provides real-time monitoring, dynamic management, and remote programming of HVAC systems, giving the user full control over their equipment. The pCOWeb is widely used in various industries, including data centers, hospitals, commercial buildings, and pharmaceutical companies, ensuring efficient energy consumption and comfortable indoor environments.

CVE-2019-11370 is a critical vulnerability discovered in the Carel pCOWeb prior to B1.2.4. The vulnerability affects the config/pw_snmp.html "System contact" field, which can be exploited through a stored cross-site scripting (XSS) attack. This attack allows an attacker to inject malicious code into the web page, which can lead to the stealing of sensitive data, such as passwords or personal information, or a complete takeover of the HVAC system.

If exploited, the CVE-2019-11370 vulnerability can have severe consequences for the organization using the pCOWeb, including data theft, loss of control over the HVAC system, or a complete system shutdown. This can cause significant financial and reputational damage, as well as jeopardizing the safety and well-being of the people using the facility.

Thanks to the pro features of the securityforeveryone.com platform, organizations can easily and quickly identify vulnerabilities in their digital assets. With a comprehensive vulnerability scanning and reporting system, Security for Everyone offers robust solutions for identifying and mitigating security risks, ensuring the safety and security of your organization's digital assets. Don't wait until it's too late – protect your systems today with Security for Everyone.

REFERENCES

• https://drive.google.com/open?id=1WkmtsCVNCtxwWH2fe9DtHow_Nedp1a7j 
• https://github.com/nepenthe0320/cve_poc/blob/master/CVE-2019-11370