Multiple vulnerabilities in Secheron SEPCOS Single Package



Published: 2022-06-27
Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2022-2105
CVE-2022-1667
CVE-2022-2102
CVE-2022-1668
CVE-2022-2103
CVE-2022-2104
CVE-2022-1666
CWE-ID CWE-841
CWE-521
CWE-284
CWE-269
CWE-522
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SEPCOS Single Package
Hardware solutions / Firmware

Vendor

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Improper Enforcement of Behavioral Workflow

EUVDB-ID: #VU64680

Risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2105

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper enforcement of behavioral workflow. A remote attacker can bypass client-side JavaScript controls to change user credentials and permissions without authentication.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Enforcement of Behavioral Workflow

EUVDB-ID: #VU64683

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1667

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper enforcement of behavioral workflow. A remote attacker can bypass client-side JavaScript controls by directly running a JS function to reboot the PLC or by loading the corresponding, browser accessible PHP script.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Enforcement of Behavioral Workflow

EUVDB-ID: #VU64686

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2102

CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to controls limiting uploads to certain file extensions may be bypassed. A remote attacker can intercept the initial file upload page response and modify the associated code, leading to arbitrary file upload.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Weak password requirements

EUVDB-ID: #VU64687

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1668

CWE-ID: CWE-521 - Weak Password Requirements

Exploit availability: No

Description

The vulnerability allows an attacker to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can obtain OS superuser privileges over the open TCP port for SSH.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper access control

EUVDB-ID: #VU64688

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2103

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can read sensitive files and write to remotely executable directories.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Privilege Management

EUVDB-ID: #VU64689

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2104

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to the www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). A remote user can escalate privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Insufficiently protected credentials

EUVDB-ID: #VU64690

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1666

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the default password for the web application’s root user is weak. A remote user can gain access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SEPCOS Single Package: before 1.25.3, 1.24.8, 1.23.21


CPE2.3 External links

http://www.cisa.gov/uscert/ics/advisories/icsa-22-174-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###