Sepcos Control And Protection Relay Firmware
CVE-2022-2105
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
AnalysisAI
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-841. Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. Affected products include: Secheron Sepcos Control And Protection Relay Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP por
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive
Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the brow
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was us
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today