CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2022-2105

CVSS 9.4v3.1pub. 2022-06-24upd. 2024-11-21

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a β€œroot” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
  • Secheron Sepcos Control And Protection Relay

    HW
    Secheron
    wszystkie wersje
  • Secheron Sepcos Control And Protection Relay Firmware

    OS
    Secheron
    1.23.0 – 1.23.21 (bez)1.24.0 – 1.24.8 (bez)1.25.0 – 1.25.3 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-1668CRITICAL9.8ten sam produkt

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the op...

CVE-2022-2102CRITICAL9.4ten sam produkt

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercep...

CVE-2022-2103CRITICAL9.8ten sam produkt

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read...

CVE-2022-2104CRITICAL9.9ten sam produkt

The www-data (Apache web server) account is configured to run sudo with no password for many commands (includi...

CVE-2022-1667HIGH7.5ten sam produkt

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., fro...

CVE-2022-2105 β€” Secheron β€” Sepcos Control And Protection Relay β€” CRITICAL β€” CVSS 9.4 | CVEbaza.pl