Secheron Sepcos Control And Protection Relay Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Secheron Sepcos Control And Protection Relay Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2022-2104 — CVSS 9.9 (critical): The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
CVE-2022-2103 — CVSS 9.8 (critical): An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to…
CVE-2022-1668 — CVSS 9.8 (critical): Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.
CVE-2022-2102 — CVSS 9.4 (critical): Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload…
CVE-2022-2105 — CVSS 9.4 (critical): Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root”…
CVE-2022-1667 — CVSS 7.5 (high): Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by…
CVE-2022-1666 — CVSS 6.5 (medium): The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the…