Sepcos Control And Protection Relay Firmware
CVE-2022-1666
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.
AnalysisAI
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Insufficiently Protected Credentials (CWE-522), which allows attackers to obtain user credentials due to weak protection mechanisms. The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. Affected products include: Secheron Sepcos Control And Protection Relay Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Hash passwords with strong algorithms (bcrypt, argon2), encrypt credentials in transit and at rest, never log credentials.
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP por
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, inclu
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive
Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the brow
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today