CRITICAL✓ PATCH🇬🇧 English

CVE-2020-29020

CVSS 9.1v3.1pub. 2021-03-05upd. 2024-11-21

Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Secomea Sitemanager

    HW
    Secomea
    wszystkie wersje
  • Secomea Sitemanager Firmware

    OS
    Secomea
    < 9.4.620527004
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-32003HIGH8.0ten sam produkt

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker t...

CVE-2021-32002MEDIUM4.3ten sam produkt

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without cred...

CVE-2022-25784CRITICAL9.1ten sam vendor

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. ...

CVE-2021-32008CRITICAL9.9ten sam vendor

This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Improper Limitation of a...

CVE-2020-29026CRITICAL9.0ten sam vendor

A directory traversal vulnerability exists in the file upload function of the GateManager that allows an authe...