SB2022062712 - Multiple vulnerabilities in Secheron SEPCOS Single Package
Published: June 27, 2022
Description
This security bulletin contains information about 7 vulnerabilities.
1) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2022-2105)
CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow. A remote attacker can bypass client-side JavaScript controls to change user credentials and permissions without authentication.
2) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2022-1667)
CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper enforcement of behavioral workflow. A remote attacker can bypass client-side JavaScript controls by directly running a JS function to reboot the PLC or by loading the corresponding browser-accessible PHP script.
3) Improper Enforcement of Behavioral Workflow (CVE-ID: CVE-2022-2102)
CWE-ID: CWE-841 - Improper Enforcement of Behavioral Workflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because controls limiting uploads to certain file extensions may be bypassed. A remote attacker can intercept the initial file upload page response and modify the associated code, leading to arbitrary file upload.
4) Weak password requirements (CVE-ID: CVE-2022-1668)
CWE-ID: CWE-521 - Weak Password Requirements
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows an attacker to perform a brute-force attack and guess the password.
The vulnerability exists due to weak password requirements. An attacker can obtain OS superuser privileges over the open TCP port for SSH.
5) Improper access control (CVE-ID: CVE-2022-2103)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can read sensitive files and write to remotely executable directories.
6) Improper Privilege Management (CVE-ID: CVE-2022-2104)
CWE-ID: CWE-269 - Improper Privilege Management
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to escalate privileges.
The vulnerability exists because the www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). A remote user can escalate privileges.
7) Insufficiently protected credentials (CVE-ID: CVE-2022-1666)
CWE-ID: CWE-522 - Insufficiently Protected Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the default password for the web application’s root user is weak. A remote user can gain access to sensitive information on the system.
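For vulnerability 6 (CVE-2022-2104), a defender can audit sudoers content for the pattern described: passwordless sudo granted to the web server account, in particular for shells. The Python check below is an added example, not code from this bulletin or the vendor; the sample sudoers text, the `audit_sudoers` name and the severity labels are constructed for illustration.

```python
import re

# Constructed sample sudoers text for illustration (not read from a SEPCOS device).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
root ALL=(ALL:ALL) ALL
www-data ALL=(ALL) NOPASSWD: /bin/sh, /bin/bash, /sbin/reboot
www-data ALL=(root) NOPASSWD: /usr/bin/systemctl status apache2
backup ALL=(root) /usr/bin/rsync
"""

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "ALL"}
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(.+)$")   # user host = spec
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")               # NOPASSWD:, PASSWD:, NOEXEC:, ...


def audit_sudoers(text, account="www-data"):
    """Return (command, severity) for every passwordless rule granted to account."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():   # join continuation lines
        rule = RULE.match(line.split("#", 1)[0].strip())  # drop comments
        if not rule or rule.group(1) != account:
            continue
        spec = re.sub(r"\([^)]*\)", "", rule.group(2))    # drop (runas) specs
        nopasswd = False                                  # a tag applies until overridden
        for item in re.split(r"(?<!\\),", spec):
            item = item.strip()
            while (tag := TAG.match(item)):
                if tag.group(1) in ("NOPASSWD", "PASSWD"):
                    nopasswd = tag.group(1) == "NOPASSWD"
                item = item[tag.end():]
            if nopasswd and item:
                shell = item.split()[0] in SHELLS
                findings.append((item, "critical" if shell else "review"))
    return findings


if __name__ == "__main__":
    for command, severity in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{severity:8} www-data may run without a password: {command}")
```

On a live Linux host, `sudo -l -U www-data` run as root lists the effective rules for the account, including those pulled in from included files.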
Remediation
Install the update from the vendor's website.