PatchSiren

CAREL CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL CAREL CVE published 2024-06-20

CVE-2023-3643

A critical Local File Inclusion (LFI) vulnerability in CAREL Boss-Mini (version 1.4.0 Build 6221) allows network-adjacent attackers to access unauthorized filesystem resources including configuration files, password files, and system logs. Published June 20, 2024, this vulnerability carries a CVSS 3.1 score of 9.8 (Critical) with network attack vector, low complexity, and no privileges required. The LFI t [truncated]