Known Vulnerabilities for products from Carel

Listed below are 11 of the newest known vulnerabilities associated with the vendor "Carel".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-3643 json A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of ... 9.8 - CRITICAL 2023-07-12 2023-11-07
CVE-2022-37122 json Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffer... 7.5 - HIGH 2022-08-31 2022-09-08
CVE-2022-34827 json Carel Boss Mini 1.5.0 has Improper Access Control. 9.9 - CRITICAL 2022-11-18 2023-08-08
CVE-2020-18329 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.5 - HIGH 2023-01-26 2023-11-07
CVE-2019-13553 json Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechani... 9.8 - CRITICAL 2019-10-25 2020-02-10
CVE-2019-13549 json Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechani... 7.5 - HIGH 2019-10-25 2020-02-10
CVE-2019-11370 json Stored XSS was discovered in Carel pCOWeb prior to B1.2.4, as demonstrated by the config/pw_snmp.html "System contact" field. 5.4 - MEDIUM 2019-06-03 2019-06-04
CVE-2019-11369 json An issue was discovered in Carel pCOWeb prior to B1.2.4. In /config/pw_changeusers.html the device stores cleartext passwords... 8.8 - HIGH 2019-06-03 2020-08-24
CVE-2019-9484 json The Glen Dimplex Deutschland GmbH implementation of the Carel pCOWeb configuration tool allows remote attackers to obtain acc... 7.5 - HIGH 2019-03-01 2023-11-07
CVE-2016-0867 json CAREL PlantVisorEnhanced allows remote attackers to bypass intended access restrictions via a direct file request. Not Provided 2016-01-30 2026-05-06
CVE-2011-3487 json Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to rea... Not Provided 2011-09-16 2026-04-29

Known software with vulnerabilities from Carel

Type Vendor Product Version
Operating
System		CarelPcoweb Card Firmwareb1.2.1
Operating
System		CarelPcoweb Firmwarea1.5.3
ApplicationCarelPlantvisorenhanced-
ApplicationCarelPlantvisor Enhanced-
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report