Carel pCOWeb HVAC Insecure Credential Storage
Posted by deepcore on November 2, 2019 – 12:21 pm
The Carel pCOWeb card stores password hashes in the file /etc/passwd, allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Version A 1.4.11 – B 1.4.2 is affected.
Post a reply
You must be logged in to post a comment.