Ecoa Graphic Control Software

13 CVEs affecting Ecoa Graphic Control Software. Latest disclosed: 2021-09-30. Critical: 7, High: 6.

Top CVEs affecting Ecoa Graphic Control Software
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2021-41301 | Critical | 9.8 | 2021-09-30 | ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will e… |
| CVE-2021-41300 | Critical | 9.8 | 2021-09-30 | ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege w… |
| CVE-2021-41299 | Critical | 9.8 | 2021-09-30 | ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege wit… |
| CVE-2021-41296 | Critical | 9.8 | 2021-09-30 | ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the syst… |
| CVE-2021-41292 | Critical | 9.8 | 2021-09-30 | ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authenticatio… |
| CVE-2021-41290 | Critical | 9.8 | 2021-09-30 | ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely se… |
| CVE-2021-41294 | Critical | 9.1 | 2021-09-30 | ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers… |
| CVE-2021-41298 | High | 8.8 | 2021-09-30 | ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied… |
| CVE-2021-41297 | High | 8.8 | 2021-09-30 | ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of adm… |
| CVE-2021-41295 | High | 8.8 | 2021-09-30 | ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and… |
| CVE-2021-41293 | High | 7.5 | 2021-09-30 | ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attacke… |
| CVE-2021-41291 | High | 7.5 | 2021-09-30 | ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remo… |
| CVE-2021-41302 | High | 7.3 | 2021-09-30 | ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s… |