Risk Summary
Successful exploitation of this vulnerability could allow an attacker to manipulate an argument path, which would lead to information disclosure.
CVEs (1)
Remediations
- CAREL recommends updating to v1.6.0 or later.
- If immediate upgrade is not possible, users should consider and implement the following mitigations:
  - Ensure that default login credentials have been changed.
  - Use strong, non-compromised passwords (i.e. passwords making use of uppercase and lowercase letters, special characters and numbers).
  - Ensure the device has been deployed in a segregated internal network as per CAREL's security recommendations (doc code +030220471 available at carel.com).
Affected Vendors
CAREL
Affected Products (1)
CAREL · Boss-Mini 1.4.0_(Build_6221)
Affected Sectors
Commercial Facilities