Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSecheron Sepcos Control And Protection Relay
HWSecheronwszystkie wersjeSecheron Sepcos Control And Protection Relay Firmware
OSSecheron1.23.0 – 1.23.21 (bez)1.24.0 – 1.24.8 (bez)1.25.0 – 1.25.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2022-2102CRITICAL9.4ten sam produkt
Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercep...
CVE-2022-2103CRITICAL9.8ten sam produkt
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read...
CVE-2022-2104CRITICAL9.9ten sam produkt
The www-data (Apache web server) account is configured to run sudo with no password for many commands (includi...
CVE-2022-2105CRITICAL9.4ten sam produkt
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authenticat...
CVE-2022-1667HIGH7.5ten sam produkt
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., fro...