Carel pCOWeb HVAC Insecure Credential Storage
Posted on 01 November 2019
The Carel pCOWeb card stores password hashes in the file /etc/passwd, allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Version A 1.4.11 - B 1.4.2 is affected.