An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSecheron Sepcos Control And Protection Relay
HWSecheronwszystkie wersjeSecheron Sepcos Control And Protection Relay Firmware
OSSecheron1.23.0 – 1.23.21 (bez)1.24.0 – 1.24.8 (bez)1.25.0 – 1.25.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2022-1668CRITICAL9.8ten sam produkt
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the op...
CVE-2022-2102CRITICAL9.4ten sam produkt
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercep...
CVE-2022-2104CRITICAL9.9ten sam produkt
The www-data (Apache web server) account is configured to run sudo with no password for many commands (includi...
CVE-2022-2105CRITICAL9.4ten sam produkt
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authenticat...
CVE-2022-1667HIGH7.5ten sam produkt
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., fro...