Multiple vulnerabilities in Secheron SEPCOS Single Package
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2022-2105 CVE-2022-1667 CVE-2022-2102 CVE-2022-1668 CVE-2022-2103 CVE-2022-2104 CVE-2022-1666 |
| CWE-ID | CWE-841 CWE-521 CWE-284 CWE-269 CWE-522 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SEPCOS Single Package Hardware solutions / Firmware |
| Vendor | Sécheron |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper Enforcement of Behavioral Workflow
EUVDB-ID: #VU64680
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2105
CWE-ID:
CWE-841 - Improper Enforcement of Behavioral Workflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow. A remote attacker can bypass client-side JavaScript controls to change user credentials and permissions without authentication.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Enforcement of Behavioral Workflow
EUVDB-ID: #VU64683
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1667
CWE-ID:
CWE-841 - Improper Enforcement of Behavioral Workflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow. A remote attacker can bypass client-side JavaScript controls by directly running a JS function to reboot the PLC or by loading the corresponding, browser accessible PHP script.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Enforcement of Behavioral Workflow
EUVDB-ID: #VU64686
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2102
CWE-ID:
CWE-841 - Improper Enforcement of Behavioral Workflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to controls limiting uploads to certain file extensions may be bypassed. A remote attacker can intercept the initial file upload page response and modify the associated code, leading to arbitrary file upload.
MitigationInstall update from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Weak password requirements
EUVDB-ID: #VU64687
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1668
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform brute-force attack and guess the password.
The vulnerability exists due to weak password requirements. An attacker can obtain OS superuser privileges over the open TCP port for SSH.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU64688
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2103
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can read sensitive files and write to remotely executable directories.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Privilege Management
EUVDB-ID: #VU64689
Risk: Medium
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2104
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists due to the www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). A remote user can escalate privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Insufficiently protected credentials
EUVDB-ID: #VU64690
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1666
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the default password for the web application’s root user is weak. A remote user can gain access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSEPCOS Single Package: before 1.23.21
CPE2.3 External linkshttp://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
