What is CVE-2022-2102?

CVE-2022-2102 is a critical-severity vulnerability in Secheron Sepcos Control And Protection Relay Firmware Package, classified under Improper Enforcement of Behavioral Workflow. CVSS score: 9.4/10. Published 2022-06-24.

How severe is CVE-2022-2102?

Critical severity. CVSS v3 base score is 9.4 out of 10.

Vulnerability in Secheron Sepcos Control And Protection Relay Firmware Package

CVE-2022-2102

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script…

EPSS: 0.002 (43.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.4 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H.

Affected products

Secheron Sepcos Control And Protection Relay Firmware Package — versions All versions

Weakness classification (CWE)

CWE-841 — Improper Enforcement of Behavioral Workflow

References

www.cisa.gov/uscert/ics/advisories/icsa-22-174-03 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-2102?: CVE-2022-2102 is a critical-severity vulnerability in Secheron Sepcos Control And Protection Relay Firmware Package, classified under Improper Enforcement of Behavioral Workflow. CVSS score: 9.4/10. Published 2022-06-24.
How severe is CVE-2022-2102?: Critical severity. CVSS v3 base score is 9.4 out of 10.