Secheron Sepcos Control And Protection Relay Firmware Package
7 CVEs affecting Secheron Sepcos Control And Protection Relay Firmware Package. Latest disclosed: 2022-06-24. Critical: 5, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-2104 | Critical | 9.9 | 2022-06-24 | The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). |
| CVE-2022-1668 | Critical | 9.8 | 2022-06-24 | Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. |
| CVE-2022-2103 | Critical | 9.8 | 2022-06-24 | An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable… |
| CVE-2022-2102 | Critical | 9.4 | 2022-06-24 | Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modif… |
| CVE-2022-2105 | Critical | 9.4 | 2022-06-24 | Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for… |
| CVE-2022-1667 | High | 7.5 | 2022-06-24 | Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the correspo… |
| CVE-2022-1666 | Medium | 6.5 | 2022-06-24 | The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely… |