Skip to main content

Sepcos Control And Protection Relay Firmware

7 CVEs product

Monthly

CVE-2022-2105 CRITICAL Act Now

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2104 CRITICAL Act Now

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2103 CRITICAL Act Now

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-2102 HIGH This Week

Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-1668 CRITICAL Act Now

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-1667 HIGH This Week

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-1666 MEDIUM This Month

The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
EPSS 1% CVSS 9.1
CRITICAL Act Now

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Sepcos Control And Protection Relay Firmware
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Controls limiting uploads to certain file extensions may be bypassed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Sepcos Control And Protection Relay Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Brute Force Information Disclosure Sepcos Control And Protection Relay Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Sepcos Control And Protection Relay Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sepcos Control And Protection Relay Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy