Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
secheron sepcos control and protection relay firmware vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-1666
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.
Secheron Sepcos Control And Protection Relay Firmware
7.8
CVSSv2
CVE-2022-1667
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script
Secheron Sepcos Control And Protection Relay Firmware
10
CVSSv2
CVE-2022-1668
Weak default root user credentials allow remote malicious users to easily obtain OS superuser privileges over the open TCP port for SSH.
Secheron Sepcos Control And Protection Relay Firmware
5
CVSSv2
CVE-2022-2102
Controls limiting uploads to certain file extensions may be bypassed. This could allow an malicious user to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allow...
Secheron Sepcos Control And Protection Relay Firmware
6.4
CVSSv2
CVE-2022-2103
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an malicious user to read sensitive files and write to remotely executable directories.
Secheron Sepcos Control And Protection Relay Firmware
6.4
CVSSv2
CVE-2022-2105
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
Secheron Sepcos Control And Protection Relay Firmware
7.5
CVSSv2
CVE-2022-2104
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Secheron Sepcos Control And Protection Relay Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started